U.S. government agencies are warning that state-backed hackers have developed custom malware that enables them to compromise and hijack commonly used industrial control system (ICS) devices.
The advisory, published jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, NSA, and the Department of Energy, warns that threat actors have developed a custom toolkit that enables them to scan for, compromise, and control ICS devices once they’re connected to the operational technology (OT) network. The tools are specifically designed to target programmable logic controllers (PLCs) made by Schneider Electric and Omron, neither of which returned our request for comment.
The hackers also have malware that leverages an exploit to target Windows systems with ASRock motherboards to execute malicious code and move laterally to and disrupt IT or OT environments.
“By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions,” the advisory warns.
While the federal agencies did not share any additional information on the hacking tools and malware mentioned in the advisory, security intelligence company Mandiant said it had been analyzing the ICS-oriented attack tools, which it has named Incontroller, since early 2022.
“Incontroller represents an exceptionally rare and dangerous cyber attack capability,” Mandiant wrote in its analysis of the threat, adding that it is comparable to Triton, Student, and Industroyer.
The latter was used by the Russia-backed Sandworm APT group to cut power in Ukraine in 2016, which left hundreds of thousands of customers without electricity two days before Christmas. A modified variant, dubbed “Industroyer2”, was recently deployed by the same attackers in an attempt to take down a Ukrainian energy provider, but the effort was successfully disrupted by the Computer Emergency Response Team of Ukraine (CERT-UA).
Mandiant added that Incontroller — which it says could be used to shut down critical machinery, sabotage industrial processes, and disable safety controllers — is “very likely” to be state-sponsored given its complexity and its “limited utility in financially motivated operations.” The cybersecurity firm said it couldn’t connect the malware with a known group, but said its activity is “consistent with Russia’s historical interest in ICS”.
Industrial cybersecurity startup Dragos has also been tracking the toolkit as “Pipedream”, which it said was created by a state-backed threat group called Chernovite that developed the malware in order to carry out “disruptive or destructive operations against ICS.”
Robert Lee, CEO and co-founder of Dragos, said that while the targeted controllers are common across a variety of industries, researchers believed the hackers’ intended targets were liquefied natural gas and electric facilities. However, he added that, to date, the malware has not been employed in target networks.
“This provides defenders a unique opportunity to defend ahead of the attacks,” Lee told TechCrunch, adding that Pipedream is only the seventh ever publicly known ICS-specific malware.
The U.S. government agencies urged critical infrastructure organizations, particularly those involved in energy, to take measures such as multi-factor authentication and consistent password changes to protect their control systems.
Hi there! My name is Peter Kavinsky, and I am an author at CableFreeTV.org. I am passionate about journalism, and I bring my years of experience and love for news to my role as a writer for this incredible platform.
I graduated from the University of California, Berkeley with a degree in Journalism, and I have spent the last ten years writing for a variety of news outlets. My experience includes covering topics such as politics, business, entertainment, and technology for major news organizations like The New York Times, CNN, and MSNBC.
As a writer for CableFreeTV.org, my primary responsibility is to collect and publish news articles from around the world. I am dedicated to providing our readers with accurate, reliable, and timely news coverage on a wide range of topics. I believe that access to quality news and information is crucial for a well-informed society, and I am committed to doing my part to ensure that our readers have the latest and most important news at their fingertips.
When I’m not writing, I enjoy reading, traveling, and spending time with my family. I am also a sports fan, and I love cheering on my favorite teams. As an author at CableFreeTV.org, I feel incredibly fortunate to be part of a team that is committed to providing our users with the best possible streaming experience and access to the latest news and information from around the world.