Threat group builds custom malware to attack industrial systems
Hackers have created custom tools to control a range of industrial control system and supervisory control and data acquisition devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies.
The tools enable threat groups to scan for, compromise, and eventually control affected devices after gaining initial access to an organization's operational technology networks.
"It's important to note that while this alert calls out tools for gaining access to specific industrial control systems, there's a bigger picture threat that involves more of the industrial control environment," Erlin said.
"Attackers need an initial point of compromise to gain access to the industrial control systems involved, and organizations should build their defenses accordingly."
"The APT actors can leverage the modules to scan for targeted devices, conduct reconnaissance on device details, upload malicious configuration/code to the targeted device, back up or restore device contents, and modify device parameters."
Along with isolating ICS and SCADA systems and using multifactor authentication, the US agencies also recommend steps such as having a cyber-incident plan in place, changing all passwords to targeted devices and systems and using strong passwords, maintaining backups, implementing strong log collection and retention from ICS and SCADA systems, and ensuring that applications are installed only when necessary for operation.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/14/hackers-custom-malware-ics-scada/