Piehop

Malware updated a month ago (2024-11-29T14:51:12.575Z)
Download STIX
Preview STIX
Piehop is a malicious software (malware) component used in tandem with another malware component known as LightWork. These tools were developed by the threat actor group CosmicEnergy, according to cybersecurity firm Mandiant. Piehop, written in Python, connects to a remote Microsoft SQL Server (MSSQL) to upload files and issue remote commands to Remote Terminal Units (RTUs). Meanwhile, LightWork, written in C++, implements the IEC-104 protocol over TCP to modify the state of RTUs. These two components together form a potent tool for cyberattacks, capable of causing significant disruption. The operational capabilities of these malware components, however, were initially compromised due to programming errors. Mandiant's analysis revealed that the sample of Piehop they obtained was riddled with programming logic errors that prevented it from successfully performing its IEC-104 control capabilities. Despite this, Mandiant believes these errors are easily correctable. On the other hand, LightWork was found to be functioning correctly, modifying the state of RTUs over TCP as intended. The combined use of Piehop and LightWork allows the malware to send remote commands that can affect the actuation of power line switches and circuit breakers, potentially leading to power disruptions. Specifically, Piehop uses LightWork to issue 'ON' or 'OFF' commands to the remote system before immediately deleting the executable after issuing the command. This novel malware's ability to leverage access to cause widespread disruption underscores the increasing sophistication of cyber threats and the importance of robust cybersecurity measures.
Description last updated: 2024-05-05T01:17:03.723Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Piehop Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more