5 Jun 2016



Irongate — New Stuxnet-like Malware Targets Industrial Control Systems


Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed "IRONGATE," affects Siemens industrial control systems.


However, the researchers note that Irongate doesn't compare to Stuxnet in terms of complexity, ability to propagate, or geopolitical implications.

Moreover, Irongate differs from Stuxnet in the way it avoids detection. While Stuxnet only looked for the presence of various antivirus software on the target systems, Irongate looks for sandbox environments such as VMware and Cuckoo Sandbox.

FireEye says it detected several versions of Irongate on the malware database VirusTotal in the second half of 2015, but researchers managed to trace two malware samples back to September 2014.

The research team doesn't think that Irongate was written by Stuxnet's authors, as Irongate does not show the type of sophistication one would expect from a nation state.

FireEye says Irongate could be a proof-of-concept, a research project, or just a test, which is why the firm went public with the details in order to find out more about the malware sample.

But the question still remains: who wrote Irongate?
thehackernews