Posts

Showing posts from May, 2023
Mandiant Identifies Novel OT Malware: COSMICENERGY

Researchers at Mandiant recently provided the public with an analysis of a recently discovered OT malware they've dubbed COSMICENERGY. The malware was uploaded to a public malware scanner in December of 2021 by someone in Russia. They believe that the malware may have been developed by a contractor for red teaming purposes, for the simulation of power disruption exercises hosted by Rostelecom-Solar, a Russian cybersecurity consulting company. In their blog post, Mandiant draws comparisons between this new malware and previous OT malware families like INDUSTROYER; for example, both were built to impact electricity transmission and distribution through IEC-104. COSMICENERGY contains two derivative components: PIEHOP and LIGHTWORK. PIEHOP is a disruption tool written in Python that is able to connect to remote MSSQL servers for file upload and for sending remote commands to a remote terminal unit (RTU). PIEHOP uses LIGHTWORK to issue "ON...

APTs Exploiting the new PaperCut Vulnerability

The Vulnerabilities

Print management software company PaperCut warned users of their product about an actively exploited vulnerability in their printing management software. The company claimed that third-party security vendors informed them of the two critical vulnerabilities as far back as January 10th, 2023. Tracked as CVE-2023-27350 and CVE-2023-27351, the low-complexity vulnerabilities allow threat actors to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM permissions and without user interaction. Both flaws have since been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later. Technical details on the exploits and proof of concept(s) can be found here:

https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/
https://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html
https://github.com/horizon3ai/CVE-2023-...