Phase two of the Slumbertown Mill ICS attack
Having gained full access to the IT network and taken control of a computer that has a network interface card on both the IT and the OT network, the Slumbertown Mill attacker can now start phase 2 of the ICS attack. This is the part where the real objective of the attack is accomplished. Were this a more commonplace drive-by attack or a mass email malware campaign, phase 2 would most likely not have been the objective. The fact that the attacker spent time targeting one specific victim and prepared the attack meticulously shows the skillset and the motivation of the attacker. Their objective wasn't to grab credit cards or personal information databases. By using the MES client PC as a pivot point and finding a way into the ICS network, the attacker clearly shows that their intention is to somehow disrupt control system functionality or steal some sort of valuable information, such as a proprietary recipe or custom-built control program...