The first cryptocurrency malware attack on a SCADA network was aimed at a water utility company.

The first documented cryptominer attack on a SCADA network of a critical infrastructure operator was seen in the wild.

Radiflow researchers spotted the malware attacking the OT network of a water utility company in order to mine the Monero cryptocurrency, according to a Feb. 8 press release.

The malware was designed to run in stealth mode on the network's devices and even to disable the devices' security tools, so that it could operate undetected and maximize its mining processes for as long as possible.

“While it is known that ransomware attacks have been launched on OT networks, this new case of a cryptocurrency malware attack on an OT network poses new threats as it runs in stealth mode and can remain undetected over time,” Radiflow Chief Technology Officer (CTO) Yehonatan Kfir said in the release.

The malware was discovered after researchers detected several abnormalities, including unexpected HTTP communications, changes to the topology of the customer's OT network, and communication attempts with suspicious IP addresses.