UUS Agencies Warn: Custom-Made Hacking Tools Could Gain Full Access To Critical Infrastructure

14 April, 2022

No Comments

Several advanced persistent threat (APT) actors have created custom-made tools designed to breach IT equipment used in critical infrastructure facilities, according to a new advisory from multiple US agencies, announced by The Record.

The official alert was released yesterday (Wednesday) by the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), The agencies warned critical infrastructure operators of potential attacks targeting multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.

Time to focus on ICS/SCADA. Isolating ICS/SCADA networks and limiting connections, along with strong passwords/monitoring, aren't new mitigations but they help critical infrastructure defenders prevent disruptions stop threat actors from their objectives. https://t.co/oEwFee2Cbd

— Dave Luber (@NSA_CSDirector) April 13, 2022

The alert says the tools used in the attacks were designed specifically for Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers.

The agencies urged energy sector organizations and other critical infrastructure facilities to implement the detection and mitigation recommendations provided in the alert.

The alert said the actors are specifically targeting Schneider Electric MODICON and MODICON Nano PLCs, including TM251, TM241, M258, M238, LMC058, and LMC078; and OMRON Sysmac NJ and NX PLCs, including NEX NX1P2, NX-SL3300, NX-ECC203, NJ501-1300, S8VK, and R88D-1SN10F-ECT.

Robert Lee, CEO of security company Dragos, said the company has been tracking an ICS-specific malware called PIPEDREAM that was developed by a group they named CHERNOVITE.

Lee said the malware initially targets Schneider Electric and Omron controllers and takes advantage of native functionality in operations, making it more difficult to detect.

“It includes features such as the ability to spread from controller to controller and leverage popular ICS network protocols such as ModbusTCP and OPC UA,” Lee explained. “Uniquely, this malware has not been employed in target networks. This provides defenders a unique opportunity to defend ahead of the attacks.”

Lee noted that they assess “with high confidence“ that CHERNOVITE is a state actor that created the PIPEDREAM malware for use in disruptive or destructive operations against ICS.

“Specifically the initial targeting appears to be liquid natural gas and electric community specific. However, the nature of the malware is that it works in a wide variety of industrial controllers and systems,” Lee added.

CISA has released several warnings about attacks on energy facilities since the invasion of Ukraine by Russia.

acquisition, Actors, advanced, Agencies, APT, attacks, breach, CEO, CHERNOVITE, CISA, community, control, controllers, critical, custom-made tools, Cybersecurity and Infrastructure Security Agency, data, Department of Energy, devices, DOE, Dragos, electric, equipment, facilities, Federal Bureau of Investigation FBI, gas, ICS, Industrial, infrastructure, IT, liquid, malware, multiple, National Security Agency, Natural, NSA, Omron, OMRON Sysmac NEX PLCs, OPC UA, Open Platform Communications Unified Architecture, persistent, PIPEDREAM, potential, Robert Lee, SCADA, Schneider Electric, servers, Several, supervisory, Systems, targeting, threat, US, UUS, warnings

UUS Agencies Warn: Custom-Made Hacking Tools Could Gain Full Access To Critical Infrastructure

Most popular in DevStyleR

Microsoft Expands Data Center Capacity

Meta Launches First Two Llama 3 Models

GitLab Releases GitLab Duo Chat with 40+ New Features

From Competitions in Informatics to MIT – Rumen Hristov’s Formula for Success

OpenSSF, CISA and DHS Join Forces in New Open Source Project

Contact Us