HackGDL: Torta Ahogada track
FrostyGoop's Zoom-In: A Closer Look into the Malware
This session explores FrostyGoop (a.k.a. BUSTLEBERM), a newly uncovered OT-focused malware that broke ground in 2024 by directly targeting critical infrastructure. Known for its attack on a Ukrainian energy provider, FrostyGoop is the first malware to exploit Modbus TCP communications to impact a power supply, causing heating outages across 600 apartment buildings. We'll take a closer look at how this malware operates, both within a compromised network and from external internet-facing devices.
Through our in-depth analysis, we'll reveal new FrostyGoop samples and indicators we uncovered, including its configuration files, libraries, and distinct infection markers. Attendees will get a fresh perspective on how FrostyGoop communicates over networks, and we’ll share insights from OSINT data and telemetry findings. This talk highlights a landmark moment for OT malware, helping security professionals understand the evolving tactics behind these threats and the risks posed to industrial environments worldwide.