Intelligence Brief: Impact of FrostyGoop ICS Malware on Connected OT Systems

 
In April 2024, FrostyGoop, an ICS malware, was discovered in a publicly available malware scanning repository. FrostyGoop can target devices communicating over Modbus TCP to manipulate control, modify parameters, and send unauthorized command messages. Modbus TCP is a commonly used protocol across all industrial sectors. 

 

The Cyber Security Situation Center (CSSC), a part of the Security Service of Ukraine, shared details with Dragos about a cyber attack that impacted a municipal district energy company in Ukraine in January 2024. At the time of the attack, this facility fed over 600 apartment buildings, supplying customers with central heating. Remediation of the incident took almost two days, during which time the civilian population had to endure sub-zero temperatures. Dragos assessed that FrostyGoop and internet-exposed ICS devices facilitated this attack. 

 

This brief provides a strategic summary of information on this OT threat and attack as reported in Dragos WorldView threat intelligence, with clear guidance for OT asset owners and operators. 
