Fuxnet

Fuxnet is malware designed to impact the industrial network infrastructure managing control system sensors for utility operations in Moscow. Fuxnet is linked to an entity referred to as the Blackjack hacking group, which is assessed to be linked to Ukrainian intelligence services.[1]

ID: S1157
Type: MALWARE
Platforms: Input/Output Server, Control Server
Contributors: Sharon Brizinov, Claroty Team82 Research
Version: 1.0
Created: 11 September 2024
Last Modified: 12 September 2024

Techniques Used

Domain ID Name Use
ICS T0806 Brute Force I/O

Fuxnet repeatedly wrote arbitrary data over the Meter-Bus channel from impacted devices to connected sensors to render sensor data acquisition useless.[1]

ICS T0809 Data Destruction

Fuxnet physically destroyed NAND memory chips on impacted devices through repeated bit-flip operations.[1]

ICS T0814 Denial of Service

Fuxnet shut down remote access services on a device, such as SSH, HTTP, telnet, and SNMP, and deleted the routing table on routing devices to inhibit system accessibility and communication.[1]

ICS T0822 External Remote Services

Fuxnet's initial execution relied on accessing external remote services in victim environments.[1]

ICS T0883 Internet Accessible Device

Fuxnet's execution relied on accessing Internet-accessible devices for initial access and deployment.[1]

ICS T0829 Loss of View

Fuxnet impaired sensor communication to impacted devices, resulting in a loss-of-view condition for overall system monitoring.[1]

References