'Trojan Horse' Bug Lurking in Vital US Computers Since 2011

[InfoSec News <alerts () infosecnews org>]

http://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476

By JACK CLOHERTY and PIERRE THOMAS
ABC News
Nov 6, 2014

A destructive “Trojan Horse” malware program has penetrated the software 
that runs much of the nation’s critical infrastructure and is poised to 
cause an economic catastrophe, according to the Department of Homeland 
Security.

National Security sources told ABC News there is evidence that the malware 
was inserted by hackers believed to be sponsored by the Russian 
government, and is a very serious threat.

The hacked software is used to control complex industrial operations like 
oil and gas pipelines, power transmission grids, water distribution and 
filtration systems, wind turbines and even some nuclear plants. Shutting 
down or damaging any of these vital public utilities could severely impact 
hundreds of thousands of Americans.

DHS said in a bulletin that the hacking campaign has been ongoing since 
2011, but no attempt has been made to activate the malware to “damage, 
modify, or otherwise disrupt” the industrial control process. So while 
U.S. officials recently became aware the penetration, they don’t know 
where or when it may be unleashed.

DHS sources told ABC News they think this is no random attack and they 
fear that the Russians have torn a page from the old, Cold War playbook, 
and have placed the malware in key U.S. systems as a threat, and/or as a 
deterrent to a U.S. cyber-attack on Russian systems – mutually assured 
destruction.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/