Team82 analyzed a sample of IOCONTROL, a custom-built IoT/OT malware used by Iran-affiliated attackers to target Israel- and U.S.-based devices. The malware affects a range of IoT and SCADA/OT devices, including IP cameras, routers, PLCs, HMIs, and firewalls from multiple vendors. IOCONTROL is believed to be part of a global cyber operation against Western IoT and OT devices, likely used as a cyberweapon by a nation-state to attack civilian critical infrastructure. The malware uses the MQTT protocol for C2 communication and employs stealth techniques such as DNS over HTTPS. Its capabilities include arbitrary code execution, self-deletion, port scanning, and persistence through installation of a daemon.
Author: AlienVault
Related Tags:
IOCONTROL
T1547.006
T1102.002
T1053.003
T1027.002
T1070.004
T1059.004
T1595
mqtt
Associated Indicators:
366E435A1EA0F597DEB6EBE7C0C5ACDB6E8B33EB
C92E2655D115368F92E7B7DE5803B7BC
159.100.6.69