TLDR:

Dragos has released an intelligence brief on the FrostyGroup ICS malware, highlighting its impact on OT systems. The malware targets devices using the Modbus TCP protocol and was involved in a cyber-attack on a district energy company in Ukraine. The incident led to a two-day remediation process and impacted over 600 apartment buildings.

Dragos has recently published an intelligence brief that delves into the impact of the FrostyGroup ICS malware on connected OT systems. The malware, named FrostyGoop, was discovered in a malware scanning repository in April 2024.

• The FrostyGoop malware targets devices communicating over Modbus TCP.
• It can manipulate control, modify parameters, and send unauthorized command messages.

The Cyber Security Situation Center in Ukraine shared details with Dragos about a cyber-attack on a district energy company in Lviv that took place in January 2024. The attack, facilitated by FrostyGoop and internet-exposed ICS devices, led to a two-day remediation process and affected over 600 apartment buildings in the area.

Dragos assessed that the incident highlights the vulnerability of ICS systems to cyber-attacks, particularly those using common protocols like Modbus TCP. The full intelligence brief can be accessed for more in-depth information on the FrostyGroup ICS malware and its impact on OT systems.