In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of an attack on a municipal energy company in Ukraine in early 2024.
FrostyGoop is the ninth reported OT-centric malware, but the first that used Modbus TCP communications to impact the power supply to heating services for over 600 apartment buildings. FrostyGoop can be used both within a compromised perimeter and externally if the target device is accessible over the internet. FrostyGoop sends Modbus commands to read or modify data on industrial control systems (ICS) devices, causing damage to the environment where attackers installed it.
Read more…
Source: Trend Micro
Related:
- CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
June 1, 2026
Rapid7 Senior Principal Security Researcher Stephen Fewer discovered CVE-2026-0826, a critical unauthenticated stack-based buffer overflow vulnerability affecting multiple HP Poly VoIP devices. If you’ve been around vulnerability research long enough, the bug class here is going to feel very familiar. And interestingly enough, that’s exactly why it deserves attention. These older exploitation primitives never really went ...
- Containers on fire: from container escapes to supply chain attacks
June 1, 2026
Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for efficient automation. However, as containers grow in popularity, so does the interest of malicious actors — a trend Kaspersky actively track in our research into advanced ...
- Physical attacks on major crypto holders is on the rise as ‘Whales’ are targeted for kidnapping News
May 30, 2026
Cryptocurrency executives and whales alike are increasingly being targeted by a mix of criminal elements worldwide, even as security continues to be beefed up to protect the not-so-anonymous owners of cryptocurrency. The transparency introduced to the crypto world is putting some coin-collectors at risk of physical harm, and even kidnapping. But many are also being outed by ...
- Dutch cops wrest 17M devices from mystery botnet’s clutches
May 29, 2026
Dutch police say they dismantled a large botnet this week comprising at least 17 million infected devices. After being tipped off by a researcher at the Netherlands’ National Cyber Security Centre (NCSC-NL), police began an investigation, which resulted in the discovery of 200 servers underpinning the botnet’s infrastructure located in the country. Cybercrime specialists at The Hague ...
- No fix yet for critical RCE bug in open-source Git service Gogs – exploit module is out
May 29, 2026
There’s a huge hole and no one is patching it thus far. A critical, remote code execution (RCE) bug in Gogs, a popular open-source self-hosted Git service, can be exploited by any authenticated user – no special privileges required – on a default installation to fully compromise vulnerable servers, steal credentials and multi-factor authentication secrets, ...
- Microsoft under fire for threatening security researcher with criminal investigation
May 29, 2026
After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them, the company is now threatening to take legal action and call the cops on them. Microsoft’s veiled threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and ...