New malware is raising alarm over its ability to disrupt and potentially destroy industrial control systems.
US federal agencies today warned of the malware, describing it as a set of tools capable of hijacking several industrial control systems from France’s Schneider Electric and Japan’s Omron.
Security firm Dragos has reviewed the hacking tools and said they can “cause disruption, degradation, and possibly even destruction” depending on the industrial system being targeted.
“Dragos assesses with great confidence that this was developed by a state actor with the intent of deploying it to disrupt key infrastructure sites,” CEO Robert Lee said in a statement on Twitter.
Security firm Mandiant also analyzed the hacking tools and agreed that they could be used to shut down critical machinery, sabotage industrial processes and disable security controllers, which could lead to physical destruction.
Mandiant says the tools contain three components, the first of which will search for servers that use an industrial networking protocol called OPC UA. The second component can hijack Schneider Electric industrial control systems to delete files, crash the device, or download additional payloads. Meanwhile, the third component is designed to alter Omron’s equipment.
Mandiant also said the toolkit contains two other components that can hijack Windows workstations. Mandiant dubbed the hacking tools “Incontroller,” while Dragos calls them “Pipedream.”
The good news is that the hackers behind the malicious tools seem to have accidentally exposed them to security researchers. How Dragos and Mandiant reviewed the malware is unclear, but the two companies did so earlier this year with the help of partners including Schneider Electric.
“This is the first time, to my knowledge, that an industrial cyber capability has been found before its deployment for the intended effects,” Lee said. The company’s report goes on to state that the tools have yet to be discovered attacking an industrial system “in the wild.”
In the meantime, the security community is urging industrial operators to strengthen their defenses against the hacking tools. Dragos points out that the affected devices are used in many industries, although the malware’s most likely targets are equipment used in liquefied natural gas and electric power environments.
The warning also comes days after security researchers discovered suspected Russian-made malware trying to disrupt Ukraine’s power grid. Mandiant added that the Incontroller cyber tools are “compatible with malware used in Russia’s previous physical cyber attacks.”