"CosmicEnergy's Threat to Critical Infrastructure in Dispute"

There are disagreements among security researchers regarding the danger posed by the recently discovered malware "CosmicEnergy" to critical infrastructure. Last month, the threat intelligence company Mandiant identified CosmicEnergy as a "plausible threat" to electric grid operators. Mandiant first identified the malware after the code was uploaded to a public malware scanning tool in December 2021. In an analysis report released last month, the company noted that there was evidence indicating that it had been designed as a red teaming tool for simulated power disruption exercises. According to the report, given that threat actors use red team tools and public exploitation frameworks for targeted threat activity, CosmicEnergy is believed to pose a plausible threat to impacted electric grid assets. In a report published last week, however, researchers from the industrial cybersecurity company Dragos noted that the malware is not yet mature enough to endanger Operational Technology (OT) networks. Dragos also mentioned CosmicEnergy's probable origins as a training tool for detection development, figuring that while its discovery should prompt organizations to reevaluate OT security, there was no immediate threat to OT environments. Jimmy Wylie, technical lead malware analyst and lead author, commented that there are no indications that an adversary is actively deploying CosmicEnergy. This article continues to discuss disputes regarding the CosmicEnergy malware.

SC Magazine reports "CosmicEnergy's Threat to Critical Infrastructure in Dispute"