Security News > 2022 > April > US critical infrastructures targeted by complex malware
US critical infrastructures targeted by complex malware.
The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation are warning the US energy sector that certain APT threat actors have exhibited the capability to gain full system access to multiple industrial control system and supervisory control and data acquisition devices.
Several of the attacker tools are exposed in the advisory based on the targeted hardware.
Rapidly scan a local network for all Schneider PLCs. Brute-force PLCs passwords using CODESYS and other available device protocols against defaults or dictionary word list.
Poll for specific devices connected to PLCs. Back up/restore arbitrary files to/from PLCs. Load a custom malicious agent on OMRON PLCs for additional attack operations.
Also See Share: US critical infrastructures targeted by complex malware.
News URL
https://www.techrepublic.com/article/us-critical-infrastructure-targeted-malware/
Related news
- SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Despite Russia warnings, Western critical infrastructure remains unprepared (source)