"Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems"
A new campaign leveraging password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet is targeting industrial engineers and operators. According to Dragos security researcher Sam Hanson, the software exploited a vulnerability in the firmware that enabled it to recover the password on command. Furthermore, the software served as a malware dropper, infecting the machine with Sality malware and converting it into a peer in Sality's peer-to-peer botnet. The password retrieval exploit embedded in the malware dropper, according to the industrial cybersecurity firm, is designed to recover the credential associated with Automation Direct DirectLOGIC 06 PLC. The exploit, CVE-2022-2003 (CVSS score: 7.7), has been described as a case of cleartext transmission of sensitive data, which could result in information disclosure and unauthorized changes. The problem was fixed in firmware Version 2.72, released in June. This article continues to discuss the new malicious campaign against industrial systems involving a password cracking tool.