Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
Jul 18, 2022
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said . "Further, the software was a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality's peer-to-peer botnet." The industrial cybersecurity firm said the password retrieval exploit embedded in the malware dropper is designed to recover the credential associated with Automation Direct DirectLOGIC 06 PLC . The exploit, tracked as CVE-2022-2003 (CVSS score: 7.7), has been described as a case of cleartext transmission of sensitive data that could lead to information disclosure and unauthorized changes. The issue was addressed in firmware Version 2.72 rele...
