Trojan Found on SCADA Server

Event Year: 2006
Reliability: Confirmed
Country: Russia
Industry Type: General Manufacturing
Description:

A redundant SCADA server pair were having communication issues between themselves and other SCADA servers. After several modifications and a rebuild, the antivirus (AV) software was enabled and located numerous instances of the Trojan ‘Generic Backdoor.k’ on one machine. The Trojan was removed and all other devices on the LAN were tested. No other machines were infected.

The Trojan proved not to be the cause of the communication problems; however, the USB hard disk used for taking hard drive images was tested and also found to have the same Trojan. It is not clear whether this disk was the source of the Trojan, as the plant had just been commissioned and removable media had been used during this period for making modifications.

Impact:

It took time for several engineers to test all machines.

Action Description: The use of removable media is now banned on site and the USB hard disk for hard disk images was tested before being used.