Loss of View

From attackics
ID: T829
Tactic: Impact
Asset: Human-Machine Interface, Engineering Workstation


Adversaries may cause a sustained or permanent loss of view where the ICS equipment will require local, hands-on operator intervention; for instance, a restart or manual operation. By causing a sustained reporting or visibility loss, the adversary can effectively hide the present state of operations. This loss of view can occur without affecting the physical processes themselves.[1][2][3]

Procedure Examples

  • Industroyer's data wiper component removes the registry "image path" throughout the system and overwrites all files, rendering the system unusable.[4]
  • KillDisk erases the master boot record (MBR) and system logs, leaving the system unusable.[5]
  • Some of Norsk Hydro's production systems were impacted by a LockerGoga infection. This resulted in a loss of view which forced the company to switch to manual operations.[6][7]