FrostyGoop Malware Targets Ukraine Energy

July 25, 2024

Industrial cybersecurity company Dragos released a report detailing a malware strain dubbed FrostyGoop that was used to target a municipal district energy company in Lviv, Ukraine, earlier this year. The attack left residents of approximately 600 apartment buildings without heat and hot water for nearly two days in subzero temperatures while the company remediated the incident. The malware sent commands to the controllers used to manage boilers and heating pumps. The commands included Modbus protocol instructions that caused inaccurate measurements and system malfunctions.

FrostyGoop can manipulate control, modify parameters, and send unauthorized command messages by targeting devices that communicate over the Modbus TCP protocol, which is commonly used in many industrial sectors. It is only the ninth known malware variant specifically designed to target industrial control systems (ICS).
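A defender's view of the unauthorized command messages described above, as an added example that is not taken from the Dragos report: it parses Modbus TCP requests and flags state-changing function codes sent by hosts outside an allowlist. The allowlist, the IP addresses and the sample frames are constructed assumptions.

```python
import struct

# Modbus function codes that change device state (Modbus application protocol).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
    0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers",
}
# Assumption: the site maintains a list of hosts permitted to write to controllers.
AUTHORIZED_WRITERS = {"10.0.5.10"}  # constructed engineering-workstation address

def parse_request(payload: bytes):
    """Parse one Modbus TCP request ADU; return None if it is not valid Modbus."""
    if len(payload) < 8:
        return None
    # MBAP header: transaction id, protocol id, length, unit id; then function code.
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    # Protocol id is always 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    req = {"tid": tid, "unit": unit, "func": func}
    # For these write requests the first PDU field is the target address.
    if func in (0x05, 0x06, 0x0F, 0x10, 0x16) and len(payload) >= 10:
        req["address"] = struct.unpack(">H", payload[8:10])[0]
    return req

def find_unauthorized_writes(records):
    """records: iterable of (src_ip, tcp_payload) seen going to TCP/502."""
    alerts = []
    for src, payload in records:
        req = parse_request(payload)
        if req is None or req["func"] not in WRITE_FUNCTIONS:
            continue  # not Modbus, or a read-only request
        if src not in AUTHORIZED_WRITERS:
            alerts.append((src, WRITE_FUNCTIONS[req["func"]], req.get("address")))
    return alerts

# Constructed sample traffic (not indicators from the report).
SAMPLE = [
    ("10.0.5.10", bytes.fromhex("000100000006010300000002")),    # read holding registers
    ("10.0.5.10", bytes.fromhex("000200000006010600100064")),    # write from allowed host
    ("203.0.113.7", bytes.fromhex("0003000000060106001003e8")),  # write from unlisted host
    ("203.0.113.7", bytes.fromhex("474554202f20485454")),         # non-Modbus bytes
]

if __name__ == "__main__":
    for alert in find_unauthorized_writes(SAMPLE):
        print("ALERT unauthorized Modbus write:", alert)
```

Modbus TCP has no authentication of its own, so a source-address allowlist like this only complements network segmentation that keeps controllers off internet-reachable paths.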

More information on FrostyGoop can be found in the Dragos ICS Malware Intelligence Brief.