Attack on Russian Schneider Electric SCADA / ICS site

Welcome, my cyber warriors!

The first round of the 2022 Great Cyber War went to Ukraine and its allies from all over the world. Among the many successful attacks were the short-term hijacking of Russia Today TV, tampering with multiple websites, and, perhaps most importantly, the massive DDoS of Russia’s Internet architecture. We have succeeded in making almost 98% of Russian public websites inaccessible, including the Moscow Stock Exchange and many military and government sites.

As you know, I expect Russia to attack the western industrial infrastructure in the second round of this war. The war continues to be protracted and Russia’s efforts are becoming more and more desperate and brutal. They have lost thousands of soldiers and huge numbers of tanks and other military hardware.

Attacks on national SCADA / ICS infrastructure are the nuclear option of cyberattacks. If you attack, you can expect a counterattack in kind. This means that electricity, telecommunications, sewerage, and water systems can fail. Citizens are affected and innocent people die. So this is very serious. This option should only be triggered if Russia attacks the SCADA / ICS of non-combatant countries (Poland, Romania, USA, Germany, etc.) in this war. Otherwise, there is a risk of escalating this war. No one wants that.

Schneider Electric of France is a leading producer of industrial control systems. They sell them all over the world. These include building control systems, manufacturing systems, substations, and more.

Recently, we at Hackers-Arise scanned Russia and found all Schneider Electric based sites. We have compiled a list of 366 sites in Russia. This list includes cities, GPS coordinates, and IP addresses, such as:

You can download the entire list in csv format below.

These should be among the first systems to attack if Russia attacks non-combatant infrastructure in this war (Russia has already attacked Ukraine’s infrastructure). Attacks on these systems include:

  1. Denial of service (DoS) attack. These systems use port 80 or 502 to manage them. If these ports are overwhelmed by traffic, the administrator will not be able to connect.

  2. Default password

  3. modbus-cli

  4. Various exploits in the public domain

Let’s take a look at each of these.

DDoS


Similar to traditional DDoS attacks, these system interfaces can be overwhelmed by “junk” traffic. Doing so makes the interface unavailable to the administrator. In most cases the system is managed over port 502, but some systems use HTTP connections on port 80 or SSH on port 21. Scan your system first to see which ports are open, then throw as much junk at it as you can. zmap is a good tool here as a DoS tool.


Default password

Surprisingly, many systems can still be logged in to with the default password. In that case, you can control the system and shut it down. If you watched my SCADA hacking and security video, you’ll find that I can often log in to these systems with default credentials.

The following is a list of default passwords for the Schneider system.

modbus-cli


modbus-cli is a simple command line tool that allows you to send commands to modbus-based systems over port 502. If you can send commands to a modbus-based PLC, the possibilities are endless. If you know what you’re doing, it can disrupt the underlying system. To read how to use this tool, click here.

Exploit

Schneider Electric systems are notorious for being vulnerable to abuse. They have become more secure in recent years, but just searching the CVE database showed four vulnerabilities with a CVSS score of 9.3 last year.

I have compiled the complete list into a text file, available for download below.

You can find numerous exploits for the Schneider system by looking at the Exploit-DB database. One of the recent ones has been ported to Metasploit, making it simple and easy to use.

This is the Schneider Electric Pelco Endura NET55XX Encoder exploit from 2019 on Metasploit. Use it wisely.

For other SCADA / ICS Metasploit modules, click here.

Overview

Do not attack these systems unless Russia attacks first. SCADA / ICS systems are the backbone of the modern economy. They include electricity, telecommunications, energy, water, manufacturing and other systems. The victims of such attacks are innocent civilians, which is why they are a nuclear option.

For more information on this important area of SCADA / ICS hacking, click here. Alternatively, join Hackers-Arise to attend the following SCADA / ICS hacking and security training.

https://www.hackers-arise.com/post/round-2-of-the-great-cyberwar-of-2022-attacking-russia-s-schneider-electric-scada-ics-sites