U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
"The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert.
The intent, the agencies said, is to leverage the access to ICS systems to elevate privileges, move laterally within the networks, and sabotage mission-critical functions in liquefied natural gas and electric power environments.
Industrial cybersecurity company Dragos, which has been tracking the malware under the name "PIPEDREAM" since early 2022, described it as a "modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment."
The state-sponsored malware, which Mandiant has named INCONTROLLER, is designed to "interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries" by means of industrial network protocols such as OPC UA, Modbus, and CODESYS. That said, it is as yet unclear how the government agencies, Dragos, and Mandiant found the malware.
To mitigate potential threats and secure ICS and SCADA devices, the agencies are recommending that organizations enforce multi-factor authentication for remote access, periodically change passwords, and continuously be on the lookout for malicious indicators and behaviors.
News URL
https://thehackernews.com/2022/04/us-warns-of-apt-hackers-targeting.html