FrostyGoop.

An ICS-specific malware discovered by Dragos in 2024 that abuses Modbus TCP to disrupt energy and heating control systems, attributed by Dragos to a Russia-linked actor and tied to a January 2024 attack on a Ukrainian municipal heating utility. サイバーセキュリティの OT / ICS / IoT カテゴリに属します。

An ICS-specific malware discovered by Dragos in 2024 that abuses Modbus TCP to disrupt energy and heating control systems, attributed by Dragos to a Russia-linked actor and tied to a January 2024 attack on a Ukrainian municipal heating utility.

FrostyGoop is an ICS-specific malware first publicly reported by Dragos in July 2024 and described as the ninth known piece of malware purpose-built to interact with industrial control systems. It is a Go binary designed to send Modbus TCP commands directly to industrial devices — most notably the ENCO heating controllers used at a Ukrainian district-heating utility in Lviv. In a January 2024 incident, FrostyGoop was used to send malicious Modbus TCP `write_multiple_registers` commands that altered controller setpoints, cutting heat for approximately 600 apartment buildings during winter for nearly two days. The malware's design assumes the attacker has already gained access to the engineering network; defenses are therefore concentrated upstream — robust IT/OT segmentation, removal of MikroTik-style edge devices with default credentials (the entry vector in the Lviv case), monitoring for unusual Modbus TCP write commands, and protocol-aware detection from OT-specific NDRs (Dragos, Claroty, Nozomi).

FrostyGoop に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: FROSTYGOOP, Modbus TCP malware (Lviv)。