CyberAv3ngers’ Malware Hits IoT/OT Systems in Fuel and Energy Sectors
- Actor Motivations: Sabotage
- Attack Vectors: Vulnerability Exploitation, Backdoor, Malware
- Attack Complexity: High
- Threat Risk: High Impact/Low Probability
Threat Overview
Team82's research details the IOCONTROL malware, a custom-built cyberweapon used by Iran-linked attackers, specifically the CyberAv3ngers group. The malware targets a range of industrial control systems (ICS) and Internet of Things (IoT) devices, notably impacting fuel management systems in Israel and the US. IOCONTROL's functionality includes communication via the MQTT protocol and features such as arbitrary code execution and self-deletion. The analysis reveals the malware's infrastructure, including its command-and-control server and the methods used to evade detection. The report concludes that IOCONTROL represents a significant threat to critical infrastructure, highlighting the ongoing geopolitical conflict.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Sector | Manufacturing | High |
| Sector | Energy | High |
| Sector | Oil and Gas | High |
| Region | Israel | Verified |
| Region | United States | Verified |
Extracted IOCs
- ocferda[.]com
- tylarion867mino[.]com
- uuokhhfsdlk.tylarion867mino[.]com
- 1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498
- 159[.]100.6.69
Tip: 5 IOCs related to this threat have been found (1 IP address, 3 domains, 0 URLs, 0 email addresses, 1 file hash).