Fuxnet

Fuxnet is malware designed to impact the industrial network infrastructure managing control system sensors for utility operations in Moscow. Fuxnet is linked to an entity referred to as the Blackjack hacking group, which is assessed to be linked to Ukrainian intelligence services.^[1]

ID: S1157

ⓘ

Type: MALWARE

ⓘ

Platforms: Input/Output Server, Control Server

Contributors: Sharon Brizinov, Claroty Team82 Research

Version: 1.0

Created: 11 September 2024

Last Modified: 12 September 2024

Version Permalink

Live Version

Techniques Used

Domain	ID	Name	Use
ICS	T0806	Brute Force I/O	Fuxnet repeatedly wrote arbitrary data over the Meter-Bus channel from impacted devices to connected sensors to render sensor data acquisition useless.^[1]
ICS	T0809	Data Destruction	Fuxnet physically destroyed NAND memory chips on impacted devices through repeated bit-flip operations.^[1]
ICS	T0814	Denial of Service	Fuxnet shut down remote access services such as SSH, HTTP, telnet, and SNMP to a device along with deleting the routing table for routing devices to inhibit system accessibility and communication.^[1]
ICS	T0822	External Remote Services	Fuxnet initial execution relied on accessing external remote services for victim environments.^[1]
ICS	T0883	Internet Accessible Device	Fuxnet execution relied upon accessing Internet-accessible devices for initial access and deployment.^[1]
ICS	T0829	Loss of View	Fuxnet impaired sensor communication to impacted devices resulting in a loss of view condition for overall system monitoring.^[1]

References

Team82. (2024, April 12). Unpacking the Blackjack Group's Fuxnet Malware. Retrieved September 11, 2024.

Fuxnet

ICS Layer

Techniques Used

References