Hacker infects industrial systems with Sality malware through password recovery tool

A hacker is infecting industrial control systems (ICS) through password ‘cracking’ software for programmable logic controllers (PLCs) in order to create a botnet.

The password recovery tools promise to unlock PLC and HMI (human-machine interface) terminals from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic.

Security researchers at the industrial cybersecurity company Dragos analyzed one incident affecting DirectLogic PLCs from Automation Direct and found that the “cracking” software was exploiting a known vulnerability in the device to extract the password.

According to Bleeping Computer, the tool also dropped Sality, a piece of malware that creates a peer-to-peer botnet for various tasks that require the power of distributed computing to complete faster (e.g. password cracking, cryptocurrency mining).

Researchers at Dragos discovered that the exploit used by the malicious program was restricted to serial-only communications. However, they also found a way to recreate it over Ethernet, which increases the severity.

After studying the Sality-laced software, Dragos informed Automation Direct of the vulnerability, and the vendor released appropriate mitigations.

“The threat actor’s campaign is ongoing, though, and administrators of PLC from other vendors should be aware of the risk of using password cracking software in ICS environments,” a source said, as per Bleeping Computer.

