top of page
Search
  • Writer's pictureotw

Round 2 of the Great Cyberwar of 2022: Attacking Russia's Schneider Electric SCADA/ICS Sites

Updated: Dec 28, 2022

Welcome back, my cyber warriors!


Round 1 of the Great Cyberwar of 2022 went to Ukraine and its allies from around the world. Among the many successful attacks were the brief takeover of Russia Today TV, the defacement of multiple websites, and probably most importantly, the massive DDoS of Russia's Internet architecture. We successfully made inaccessible almost 98% of the public-facing websites in Russia including the Moscow Stock Exchange and many military and government sites.


As you know, I expect Russia to attack the industrial infrastructure of the West in Round 2 of this war. The war continues to drag on and Russia's efforts become increasingly desperate and brutal. They are losing thousands of soldiers and untold amounts of tanks and other military hardware.





Attacks against a nation's SCADA/ICS infrastructure is the nuclear option for cyber attacks. If you attack, you can expect a counterattack, in kind. This means that electricity, communications, sewer and water systems may become inoperable. The civilian populations will be impacted and innocent people will die. That's why this is so serious. This option should ONLY be triggered as a response to a Russian SCADA/ICS attack on a non-combatant nation (Poland, Romania, US, Germany, etc.) in this war. To do otherwise risks escalating this war. No one wants that.


Schneider Electric of France is a major producer of industrial control systems. They sell them throughout the world. These include building control systems, manufacturing systems, electrical substations and many more.


Recently, we at Hackers-Arise, scanned Russia to find all of their Schneider Electric based sites. We have compiled a list of 366 sites in Russia . This list includes their city, their GPS coordinates and IP address such as below.




You can download the entire list in csv format below.



russian schneider systems
.csv
Download CSV • 22KB


These should be among some of the first systems to attack in the event that Russia attacks the infrastructure of non-combatants in this war (Russia has already attacked the infrastructure of Ukraine). Attacks against these systems can include such things as;


  1. Denial of Service (DoS) attack. These systems use port 80 or 502 to manage and administer them. If those ports are overwhelmed with traffic, the administrator can not connect.

  2. Default Passwords

  3. modbus -cli

  4. A variety of exploits in the public domain


Let's take a look at each of these.


DDoS


Like the traditional DDoS attacks, these system interfaces can be overwhelmed with 'junk" traffic. By doing so, you make the interfaces unavailable to the administrator. In most cases, this systems are administered via port 502 but some use an HTTP connection on port 80 or SSH on port 21. Scan the system first and check to see what ports are open and then throw as much junk as you can at them. zmap would be an appropriate tool here as a DoS tool.



Default Passwords


Surprisingly, many system still use default passwords to login. If so, you can take control of the system and shut it down. If you have viewed my SCADA Hacking and Security videos, you will see that I have often been able to login to these systems with default credentials.


Here is a list of some of the default passwords on Schneider systems.





modbus-cli


modbus-cli is simple, command line tool that is capable of sending commands into a modbus-based system through port 502. If one can send commands to the modbus-based PLC, the possibilities become endless. If you know what you are doing, you can wreak havoc on the underlying system. To read how to use this tool. click here.


Exploits


The Schneider Electric systems are notoriously vulnerable to exploitation. Even though they have become more secure in recent years, a simple search of the CVE database shows 4 vulnerabilities in the last year with a CVSS score of 9.3!




I have downloaded the complete list in text file for you to download below.

schneider vuln
.txt
Download TXT • 21KB

When we check the exploit-db database, we can find numerous exploits against Schneider systems. One recent one has been ported to Metasploit making it simple and easy to use.



This is the Schneider Electric Pelco Endura NET55XX Encoder exploit from 2019 in Metasploit. Use it wisely.



For more SCADA/ICS Metasploit modules, click here


Update


Team OneFist, a group of volunteer hackers led by Voltage, destroys a gas plant in Russia. To read more about it, click here.




Summary


Remember, do not attack these systems unless Russia attacks first! SCADA/ICS systems are the backbone of a modern economy. They include electrical, communication, energy, water, manufacturing and man other systems. The victims of such an attack are innocent civilians, that is why it is the nuclear option.


For more on this critical field of SCADA/ICS Hacking, click here or join Hackers-Arise and attend our next SCADA/ICS Hacking and Security training.


Recent Posts

See All

11 Comments


astriddavina54
astriddavina54
Jan 03, 2023

Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…

Like

Hire a professional cell Phone Hacker who has the skills that can grant you remotely access to your spouse cell phone and grant access to cheating spouse cell phone information on their cell phone. He can also use he skills to spy on other people’s cell phones device. It is also known as a cell phone spy who are capable to provide you all you require to infiltrate any type of smartphone and iPhone. I was able to got access to partner iPhone, the job was prefect to the extended he didn’t knowing anything about it, was so prefect you can conatct him via kelvinethicalhacker @ gmail. com. reach to him to help spy on your cheating spouse.

Like

lucyj7537
lucyj7537
Dec 15, 2022

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, Henryclarkethicalhacker @ gmail .com and you can on whatsapp…

Like

Hi everyone... I am Mike Luciano and I’m so addicted to winning the lottery. I’ve just scooped my FOURTH jackpot of $1million – taking my total winnings to $4.6million through the help of one legit spell caster named Dr Amber. My first ever win was $100,000. Last year, I won $500,000 from the Pennsylvania state lottery and I also won $3 million in 2016 bringing the grand total of my winnings to $4.6 million. All my winnings have been made possible with the numbers given to me by Dr Amber. I've been so blessed, winning big three times in my lifetime. His spell casting is unique and safe unlike some fake spell casters that are just after your money without…


Like

effective and powerfull love spell to return ex lover contact dr jumba Call/WhatsApp him: +27787390989 my fiance broke up with me last week i was so sad I changed completely, I wasn't eating and i wasn't talking to anybody, I cried a lot,I was so depressed and stressed out that I was scared I'm going to end up in the hospital because of all the stress and depression until one day i search online on getting love tips because I Love & care about him deeply and I just want us to be together as a couple again and I want us to last forever then i found a powerful spell caster Called Dr Mahlangu that he solved so m…


Like
bottom of page