International Finance

Industrial computing systems at risk from ‘time bombs’ in malicious NuGet packages


Experts have uncovered that thousands of critical infrastructure organisations, as well as those working in other equally important verticals, were hit with a malicious attack designed to compromise their industrial control devices (ICD).

In 2021, cybersecurity researchers at Socket identified nine packages on NuGet that contained sabotage payloads intended to activate in 2027 and 2028 if certain conditions were met.

NuGet is the package manager for .NET, which includes open-source .NET libraries that can be easily added to a project by software developers. Siemens S7 industrial control devices are commonly found in manufacturing plants, energy and utilities, oil, gas, and chemical industries, building automation, and transportation.

The payload is active only between August 8, 2027, and November 29, 2028, and has two destructive actions. It randomly kills the host process 20% of the time, causing immediate stops. In the Sharp7Extend package, it breaks initialisation and/or, after a 90-minute delay, corrupts PLC write commands with an 80% chance.

The identity of the threat actors who uploaded these packages and their motives remain unknown. Users are urged to audit their assets for the packages and remove them immediately.

Here is the full list of malicious packages discovered so far: SqlUnicorn.Core, qlDbRepository, SqlLiteRepository, SqlUnicornCoreTest, SqlUnicornCore, SqlRepository, MyDbRepository, MCDbRepository, Sharp7Extend.
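
The audit urged above can be scripted. The following is an added example, not code from Socket or from this article: it walks a source tree and reports any reference to the listed packages in MSBuild project files, `packages.config` and `packages.lock.json`. The names are copied exactly as printed above, and matching is case-insensitive because NuGet package IDs are.

```python
import json
import re
import sys
from pathlib import Path

# Package names copied exactly as printed in the article above.
FLAGGED = {n.lower() for n in (
    "SqlUnicorn.Core", "qlDbRepository", "SqlLiteRepository",
    "SqlUnicornCoreTest", "SqlUnicornCore", "SqlRepository",
    "MyDbRepository", "MCDbRepository", "Sharp7Extend")}

# Matches <PackageReference Include="X">, <PackageVersion Include="X">, <package id="X">.
XML_REF = re.compile(
    r'<(?:Package(?:Reference|Version)\s[^>]*?\b(?:Include|Update)|package\s[^>]*?\bid)\s*=\s*"([^"]+)"',
    re.I)

def package_ids(path):
    """Return the package IDs a NuGet manifest references (empty set for other files)."""
    name = path.name.lower()
    is_lock = name == "packages.lock.json"
    if not (is_lock or name == "packages.config" or name.endswith(("proj", ".props", ".targets"))):
        return set()
    text = path.read_text(encoding="utf-8-sig", errors="replace")
    if not is_lock:
        return set(XML_REF.findall(text))
    try:
        # The lock file lists direct and transitive packages under each target framework.
        frameworks = json.loads(text).get("dependencies", {}).values()
        return {pkg for fw in frameworks for pkg in fw}
    except (ValueError, AttributeError, TypeError):
        return set()

def find_flagged(root):
    """Return (relative path, package ID) for every flagged reference under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            for pkg in sorted(package_ids(path)):
                if pkg.lower() in FLAGGED:
                    hits.append((str(path.relative_to(root)), pkg))
    return hits

if __name__ == "__main__":
    found = find_flagged(sys.argv[1] if len(sys.argv) > 1 else ".")
    for where, pkg in found:
        print(f"{where}: {pkg}")
    sys.exit(1 if found else 0)  # non-zero exit lets a CI job fail on a hit
```

Lock files matter here because they also record transitive dependencies, which never appear in a `.csproj`.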

Meanwhile, Dark Web Intelligence reported that threat actors claimed to have stolen data from HSBC USA and that they had access to a large database containing highly sensitive personally identifiable information (PII) and financial records of HSBC USA customers, including Social Security numbers (SSNs), bank account numbers, and account balances, among other data.

The announcement appeared on dark web forums, where those who identify themselves as responsible for the breach have disclosed information about the breached customer database, which they say includes a substantial number of HSBC USA customers, and claim to have access to full financial profiles.
