S1157 Fuxnet
Fuxnet is malware designed to impact the industrial network infrastructure managing control system sensors for utility operations in Moscow. Fuxnet is linked to an entity referred to as the Blackjack hacking group, which is assessed to be linked to Ukrainian intelligence services.
| Item | Value |
| --- | --- |
| ID | S1157 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 11 September 2024 |
| Last Modified | 12 September 2024 |
Techniques Used
| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| ics | T0806 | Brute Force I/O | Fuxnet repeatedly wrote arbitrary data over the Meter-Bus channel from impacted devices to connected sensors to render sensor data acquisition useless. |
| ics | T0809 | Data Destruction | Fuxnet physically destroyed NAND memory chips on impacted devices through repeated bit-flip operations. |
| ics | T0814 | Denial of Service | Fuxnet shut down remote access services such as SSH, HTTP, telnet, and SNMP to a device along with deleting the routing table for routing devices to inhibit system accessibility and communication. |
| ics | T0822 | External Remote Services | Fuxnet initial execution relied on accessing external remote services for victim environments. |
| ics | T0883 | Internet Accessible Device | Fuxnet execution relied upon accessing Internet-accessible devices for initial access and deployment. |
| ics | T0829 | Loss of View | Fuxnet impaired sensor communication to impacted devices resulting in a loss of view condition for overall system monitoring. |