Security News > 2022 > April > Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system devices, which spells trouble for critical infrastructure providers-particularly those in the energy sector, federal agencies have warned.
In a joint advisory, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI caution that "Certain advanced persistent threat actors" have already demonstrated the capability "To gain full system access to multiple industrial control system/supervisory control and data acquisition devices," according to the alert.
The custom-made tools developed by the APTs allow them-once they've gained access to the operational technology network-to scan for, compromise and control affected devices, according to the agencies.
The agencies provided a breakdown of the modular tools developed by APTs that allow them to conduct "Highly automated exploits against targeted devices," they said.
Actions the APTs can take using the modules include: scanning for targeted devices, conducting reconnaissance on device details, uploading malicious configuration/code to the targeted device, backing up or restoring device contents, and modifying device parameters.
The flaw allows for the execution of malicious code in the Windows kernel, facilitating lateral movement an IT or OT environment as well as the disruption of critical devices or functions.
News URL
https://threatpost.com/feds-apts-critical-infrastructure/179291/