U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
2022-04-17 20:07

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems and supervisory control and data acquisition devices.

"The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert.

The intent, the agencies said, is to leverage the access to ICS systems to elevate privileges, move laterally within the networks, and sabotage mission-critical functions in liquefied natural gas and electric power environments.

Industrial cybersecurity company Dragos, which has been tracking the malware under the name "PIPEDREAM" since early 2022, described it as a "modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment."

The state-sponsored malware, which Mandiant has named INCONTROLLER, is designed to "interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries" by means of industrial network protocols such as OPC UA, Modbus, and CODESYS. That said, it's unclear as yet how the government agencies as well as Dragos and Mandiant found the malware.

To mitigate potential threats and secure ICS and SCADA devices, the agencies are recommending that organizations enforce multi-factor authentication for remote access, periodically change passwords, and continuously be on the lookout for malicious indicators and behaviors.


News URL

https://thehackernews.com/2022/04/us-warns-of-apt-hackers-targeting.html