Attackers hijack solar panel monitoring devices in Japan

  • June 4, 2024
  • Michael Nadeau

Japanese media has reported that a cyberattack hijacked 800 SolarView Compact remote monitoring devices to enable bank account thefts. The devices, made by Japanese industrial control manufacturer Contec, are used at solar power generation facilities. Contec has confirmed the attack and said that the perpetrators used a known vulnerability to install a backdoor that gave them control of the devices. The company has informed its customers and urged them to update their systems.

A South Korean security firm, S2W, identified the threat actor that carried out the attack as Arsenal Depository, also known as Hacker CN, which is likely either Russian or Chinese. Hacker CN was involved in earlier attacks that targeted Japanese infrastructure.

This attack did not affect Japan’s power grid, as the motive appears to be financial gain by using the devices to commit bank fraud. However, experts warn about similar attacks that target solar inverters, which convert DC power to AC. Inverters are typically connected to the internet. Techniques similar to those used in the attack on SolarView Compact devices could allow threat actors to disrupt the electric grid. If attackers also gain access to central control systems, then multiple solar installations could be affected.

The risk also extends to homes and businesses that have installed solar panels, if an attacker gains access and alters inverter configurations to change voltages or frequencies. One possible outcome is physical damage to electronic devices.

Government authorities have been aware of this threat for a while. The U.S. Department of Energy (DOE), for example, issued a warning in 2022 regarding the risk of a cyberattack on inverters. The threat to inverters is addressed in the IEEE 1547-2018 standard for inverters, which sets requirements for security and reliability.