Security News > 2022 > April > US critical infrastructures targeted by complex malware
US critical infrastructures targeted by complex malware.
The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation are warning the US energy sector that certain APT threat actors have exhibited the capability to gain full system access to multiple industrial control system and supervisory control and data acquisition devices.
Several of the attacker tools are exposed in the advisory based on the targeted hardware.
Rapidly scan a local network for all Schneider PLCs. Brute-force PLCs passwords using CODESYS and other available device protocols against defaults or dictionary word list.
Poll for specific devices connected to PLCs. Back up/restore arbitrary files to/from PLCs. Load a custom malicious agent on OMRON PLCs for additional attack operations.
Also See Share: US critical infrastructures targeted by complex malware.
News URL
https://www.techrepublic.com/article/us-critical-infrastructure-targeted-malware/
Related news
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)
- FBI deletes Chinese PlugX malware from thousands of US computers (source)