Sandworm wasn’t after emails and Word docs. It was targeting files used by industrial engineers. One of Trend Micro’s researchers had previously worked at Peabody Energy, the world’s largest coal producer. This gave him a unique window into what they were seeing. Sandworm’s attackers were targeting “.cim” and “.bcl” files, two file types used by General Electric’s industrial control Cimplicity software—the same software Peabody’s engineers used to remotely check on their mining equipment. That very same GE software was used by industrial engineers the world over. It was a human-machine
...more
