Robotron Firewall Breach

The ECS-CERT issued an emergency order this morning to all manufacturers to stop downloading any updates or software from Robotron. Immanuel C. Securitage, spokesperson for ECS-CERT, said that the agency had been notified by Robotron that there had been a major security breach of their corporate system and that there were indicators that the attackers had altered product software. ECS-CERT is working with Robotron to determine exactly what products are affected. “We are suggesting that any facility that has downloaded Robotron software or updates within the last couple of weeks to consider shutting down operations pending a complete cybersecurity review of their industrial control system operations.” Securitage told reporters. Erich Mielke, CEO of Robotron, told reporters that there had been a firewall breach at their corporate headquarters, allowing the attackers full access to their networks. “We only noticed the breach after an investigation into unusual cyber activity in our product development department;” Mielke said, “We have confirmed that unauthorized changes have been made to the latest software update for our MotorSteuerung product.” A source at ECS-CERT that is not authorized to talk to the press told me that it looks like the attack on the Robotron corporate network could have been made with the HKFirewall tool that was reportedly developed by the Cyber Operations Agency. The COA has refused to comment on rumors about the tool. The Critical Infrastructure Security Operations Center (CI-SOC) has confirmed that it was monitoring the situation. “We know of at least one of our monitored facilities has had issues related to an apparently compromised Robotron device;” General Buck Turgidson, told reporters at a separate news conference this morning, “We are working closely with ECS-CERT on the issue.” CAUTIONARY NOTE: This is a future news story –Future ICS Security NewsRead More