
Pipedream Malware: Feds Discover ‘Swiss Army Knife’ to Attack Industrial Systems


Malware designed to target industrial control systems such as power grids, factories, water works and oil refineries represents a rare type of digital threat. So when the US government warned about a piece of code built to target not just one of those industries but potentially all of them, critical infrastructure owners around the world should take note.

On Wednesday, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA and the FBI jointly released an advisory about a new set of hacker tools capable of interfering with a wide range of industrial control system devices. More than any previous industrial control system attack kit, the malware contains a wide range of components designed to disrupt or control the operation of devices, including programmable logic controllers (PLCs) that are sold by Schneider Electric and OMRON and are designed to serve as the interface between traditional computers and the actuators and sensors in industrial environments. Another component of the malware is designed to target Open Platform Communications Unified Architecture (OPC UA) servers, the computers that communicate with those controllers.

“This is the most extensive industrial control system attack tool anyone has ever seen,” said Sergio Caltagirone, vice president of threat intelligence at industry-focused cybersecurity firm Dragos, which published its own report on the malware. Researchers at Mandiant, Palo Alto Networks, Microsoft and Schneider Electric also contributed to the advisory. “It’s like a Swiss Army knife with a large number of pieces on it.”

Dragos says the malware has the ability to hijack target devices, disrupt or prevent operators from accessing them, immobilize them permanently, or even use them as a foothold to give hackers access to other parts of the industrial control system network. Caltagirone noted that while the toolkit, which Dragos calls “Pipedream,” appears to specifically target Schneider Electric and OMRON PLCs, it does so by exploiting underlying software embedded in those PLCs, called Codesys, which is more widely used across hundreds of other PLCs. This means that the malware can easily be adapted to work in almost any industrial environment. “The toolkit is so large that it is essentially free for everyone,” says Caltagirone. “There’s enough stuff here for people to worry about.”

The CISA advisory refers to an unnamed “APT agent” that has developed the malware toolkit, using the popular acronym APT to mean advanced persistent threat, a term that refers to state-sponsored hacker groups. It’s not clear where government agencies found the malware or which country’s hackers created it, although the advisory’s timing follows a warning from the Biden administration about the Russian government’s preparations to carry out disruptive cyber attacks in the context of the country’s invasion of Ukraine.

Dragos also declined to comment on the source of the malware. But Caltagirone says it doesn’t appear to have actually been used against a victim, or at least it has yet to cause actual physical effects on a victim’s industrial control systems. “We are very confident that it has not yet been deployed for disruptive or destructive effects,” Caltagirone said.


