Malware

LIGHTWORK

According to Mandiant, LIGHTWORK is a disruption tool written in C++ that implements the IEC-104 protocol to modify the state of RTUs over TCP.

LIGHTWORK is a Windows malware family.

Background

Mandiant describes LIGHTWORK as a C++ disruption tool that uses the IEC-104 protocol to alter the state of remote terminal units (RTUs) over TCP. It builds configurable IEC-104 application service data unit (ASDU) messages to toggle RTU information object addresses (IOAs) ON or OFF, and it operates alongside PIEHOP, which prepares its execution.


Source: Malpedia (Fraunhofer FKIE).