#SECTORCA BlackHatEvents

Cyber-Physical Exploitation: Tracing Adversary Steps through Cyber-Physical Attack Lifecycle
Dr.-Eng. Marina Krotofil

In the Recent News

Hackers opened a full valve at dam facility in Bremanger, Norway
07 April, 2025
Hackers obtained control over the minimum water flow valve. Even with valve opened to 100%, the incident did not result in any unwanted consequences as the water flow was still significantly below flood calculation for the dam and river is. System's design wasn't hacker friendly.

Rural Texas towns report cyber attacks that caused one water system to overflow
18 January, 2024
Hackers obtained access to water system's HMI and caused a water tower to overflow for 45 minutes, leading to a waste of fresh water. There was no auto shutoff mechanism when the water level in the tower reached high level. System's design was hacker friendly.

HMI-Based Attacks (video)

Straightforward attack scenario, minimal complexity, nuisance impact. (attackers identified and indicted)

Complex Attacks with Lasting Effect

Black Hat USA 2015 | Rocking the Pocket Book
Chemical plant, Vinyl Acetate production (2013)
https:/www.lont-
scenario: Persistent economic damage

Here is a plant. What is your plan?
J. Larsen. Breakage. Black Hat Federal (2007)

Persisting Misconception about OT Attacks

Current public presentation of threat actor capabilities is largely driven by the need to raise awareness about potential implications of cyber-physical attacks
However, threat actors didn't publicly showcase significant evolvement of the cyber-physical exploitation skills (yet)
This is the same malware used against targets with the same SCADA system(s)
[Timeline figure: 2016, 2016, 2022, 2022, 2023, 2023, 2023, 2023]

Persisting Misconceptio