Industrial engineers and operators are the target of a new campaign that leverages password-cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines into a botnet. The software retrieves a password by infecting the machine with Sality malware, which turns the host into a peer in Sality's peer-to-peer botnet. The password-retrieval exploit is designed to recover the credential associated with Automation Direct's DirectLOGIC 06 PLC. The vulnerability is tracked as CVE-2022-2003 and could lead to the transmission of sensitive data and unauthorized changes. The exploit is very effective because it can terminate security software and remain undetected while performing the tasks described above. It also functions as a crypto-clipper payload, substituting the attacker's wallet address for the original one during a transaction.
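A defender-side check for the crypto-clipper behaviour described above: an added example, not code from this page or from any vendor or researcher's tooling. It assumes a clipboard monitor that records (timestamp, text, source) snapshots, where source is "user" for a copy the user made and "poll" for a background re-read; the sample snapshots and addresses are constructed.

```python
import re

# Loose address shapes for two common chains; enough to spot "an address was
# replaced by a different address of the same kind" without checksum validation.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text):
    """Return the chain whose address shape `text` matches, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


def detect_clipper_swaps(snapshots, max_gap_seconds=5.0):
    """Flag clipboard contents that change from one wallet address to another
    address of the same kind within `max_gap_seconds`, when the change was
    observed by a background poll rather than a user copy.

    A user copying a different address is legitimate; the clipboard silently
    turning into a different address right after a copy is the clipper signature.
    """
    alerts = []
    for (t0, old, _), (t1, new, source) in zip(snapshots, snapshots[1:]):
        if source == "user":
            continue  # the user put this value there; not a swap
        kind_old, kind_new = address_kind(old), address_kind(new)
        if kind_old and kind_old == kind_new and old != new and (t1 - t0) <= max_gap_seconds:
            alerts.append({"time": t1, "kind": kind_old, "original": old, "replacement": new})
    return alerts


# Constructed clipboard history (assumed monitor format), not captured from a real host.
SAMPLE_CLIPBOARD = [
    (0.0, "some unrelated text", "user"),
    (10.0, "1Legit" + "A" * 27, "user"),          # user copies their own BTC address
    (10.8, "1AttackerAddr" + "X" * 20, "poll"),   # clipboard now holds a different BTC address
    (30.0, "0x" + "ab" * 20, "user"),             # user copies an ETH address
    (31.0, "0x" + "ab" * 20, "poll"),             # re-read, unchanged: benign
    (40.0, "0x" + "cd" * 20, "user"),             # user's own change: benign
]

if __name__ == "__main__":
    for alert in detect_clipper_swaps(SAMPLE_CLIPBOARD):
        print(alert)
```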
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense's mission is