SCADA Workstation Infected by W32/Korgo Worm

Event Year: 2004
Reliability: Confirmed
Country: United States
Industry Type: Power and Utilities

The SCADA operator workstations were infected with the W32/Korgo worm. They were out of service starting at 14:33, and one terminal was back by 16:15. The first terminal was back by 18:23. These three terminals were on the corporate Intranet, outside the SCADA firewall.


A Microsoft patch was installed immediately on all impacted workstations to correct the problem. Anti-virus software and the same Microsoft patch were then rolled out to all other SCADA workstations inside the SCADA firewall. A new subnet and screening router were put into place for these three Intranet-connected workstations.

Action Description: Working to roll out Microsoft patches to the SCADA HMIs much more quickly. The McAfee ePO agent was installed on all SCADA workstations to update DAT files daily.