The IRONGATE malware is likely a proof of concept, but could signal future attacks
Researchers have found a malware program that was designed to manipulate supervisory control and data acquisition (SCADA) systems in order to hide the real readings from industrial processes.
The new malware was discovered in the second half of last year by researchers from security firm FireEye, not in an active attack, but in the VirusTotal database.
The mysterious program, which FireEye has dubbed IRONGATE, was uploaded to VirusTotal by several sources in 2014, at which time none of the antivirus products used by the site detected it as malicious.
They're designed to find and replace a specific DLL that communicates with Siemens SIMATIC S7-PLCSIM, a software product that allows users to run programs on simulated S7-300 and S7-400 programmable logic controllers (PLCs).
They transmit their readings and other data to monitoring software, the human-machine interface (HMI), that runs on workstations used by engineers.
The Siemens Product Computer Emergency Readiness Team (ProductCERT) "has confirmed that the code would not work against a standard Siemens control system environment," the FireEye researchers said in a blog post Thursday.