Security News > 2022 > April > U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems and supervisory control and data acquisition devices.
"The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert.
The intent, the agencies said, is to leverage the access to ICS systems to elevate privileges, move laterally within the networks, and sabotage mission-critical functions in liquified natural gas and electric power environments.
Industrial cybersecurity company Dragos, which has been tracking the malware under the name "PIPEDREAM" since early 2022, described it as a "Modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment."
The state-sponsored malware, which it has named INCONTROLLER, is designed to "Interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries" by means of industrial network protocols such as OPC UA, Modbus, and CODESYS. That said, it's unclear as yet how the government agencies as well as Dragos and Mandiant found the malware.
To mitigate potential threats and secure ICS and SCADA devices, the agencies are commending organizations to enforce multi-factor authentication for remote access, periodically change passwords, and continuously be on the lookout for malicious indicators and behaviors.
News URL
https://thehackernews.com/2022/04/us-warns-of-apt-hackers-targeting.html
Related news
- China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)