US warns a novel malware could disrupt nations’ critical infrastructure
A new strain of malware targets industrial control systems (ICS) and could disrupt critical infrastructure. It’s suspected the malware might be of Russian origin.
A joint advisory issued by CISA, NSA, FBI, and the Department of Energy (DoE) warns that state-sponsored hackers have developed a tool to take over ICS and supervisory control and data acquisition (SCADA) devices.
Among those devices are Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers.
According to the advisory, government-backed hackers have developed a custom-made tool that enables threat actors to scan for, compromise, and control affected devices once they’re connected to the operational technology (OT) network.
“By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions,” reads the advisory.
The advisory urges critical infrastructure firms, especially ones working in the energy sector, to mitigate these risks.
A blog post from cybersecurity firm Dragos claims that security researchers have been monitoring the malware since early 2022. Researchers think the malware, which they named ‘Pipedream,’ has not yet been used for destructive effect.
“Dragos assesses with high confidence this was developed by a state actor with the intent on deploying it to disrupt key infrastructure sites,” Dragos’ CEO Robert M. Lee explained in a Twitter post.
Meanwhile, security researchers at Mandiant, who named the malware ‘INCONTROLLER,’ believe the malware is functionally consistent with what Russia has used in prior cyber-physical attacks in Ukraine in 2015 and 2016.
“Given the consistencies with prior Russia-nexus threat activity, we suggest that INCONTROLLER poses the greatest threat to Ukraine, NATO member states, and other states actively responding to Russia’s invasion of Ukraine,” reads the blog post.
Researchers told the Washington Post that the malware was likely meant for liquefied natural gas (LNG) plants. LNG is critical to replacing a vital Russian export, natural gas.
The push to reduce dependency on Russian energy comes after Moscow’s troops invaded Ukraine, prompting US, EU, and NATO members to sanction the country over its aggression.
The CISA warning comes a day after Ukraine announced its Computer Emergency Response Team (CERT-UA) successfully prevented Russian hackers from attacking the country’s electrical grid with Industroyer2 malware.
According to the United Nations, the Russian invasion of Ukraine has created the ‘fastest-growing refugee crisis in Europe since World War II.’ Over 10 million people were displaced due to the conflict, with over 4.5 million fleeing the country.
Witness testimonies from Ukrainian towns Russian forces have occupied for close to a month point to severe human rights violations and targeted lethal attacks against civilians.
Reports of “gross and systematic violations and abuses of human rights” got Russia suspended from the UN Human Rights Council.