How to Protect Against FrostyGoop: ICS Malware Targeting Operational Technology
ID: ba1716c9-9874-5cc7-9069-83f44fbb67d1
STIX ID: report--ba1716c9-9874-5cc7-9069-83f44fbb67d1
Feed Name: Dragos Blog
Dragos discovered FrostyGoop, ICS malware written in Golang that communicates over Modbus TCP (port 502) and can interact directly with ENCO controllers. Dragos assesses that it was likely used in a disruptive attack on a Ukrainian district heating provider that caused a two-day loss of service. The malware evades many antivirus products. Dragos has published IOCs and platform detections, and the report recommends OT-native monitoring, asset inventory checks, network segmentation, and SANS ICS controls to mitigate risk.
