high_confidence
FrostyGoop Incident
[FrostyGoop Incident](https://attack.mitre.org/campaigns/C0041) took place in January 2024 against a municipal district heating company in Ukraine. Following initial access via likely exploitation of external-facing services, [FrostyGoop](https://attack.mitre.org/software/S1165) was used to manipulate ENCO control systems via legitimate Modbus commands to impact the delivery of heating services to Ukrainian civilians.(Citation: Dragos FROSTYGOOP 2024)(Citation: Nozomi BUSTLEBERM 2024)
Start date
1 January 2024
End date
1 January 2024
Techniques
5
Attributed actors
Techniques (5)
command-and-control (1)
T1071 Application Layer Protocol
credential-access (1)
T1003.002 Security Account Manager
defense-impairment (1)
T1689 Downgrade Attack
initial-access (1)
T1190 Exploit Public-Facing Application
persistence (1)
T1505.003 Web Shell
Indicators of compromise
No IOCs linked to this campaign yet.