Security News > 2022 > April > US critical infrastructures targeted by complex malware
US critical infrastructures targeted by complex malware.
The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation are warning the US energy sector that certain APT threat actors have exhibited the capability to gain full system access to multiple industrial control system and supervisory control and data acquisition devices.
Several of the attacker tools are exposed in the advisory based on the targeted hardware.
Rapidly scan a local network for all Schneider PLCs. Brute-force PLCs passwords using CODESYS and other available device protocols against defaults or dictionary word list.
Poll for specific devices connected to PLCs. Back up/restore arbitrary files to/from PLCs. Load a custom malicious agent on OMRON PLCs for additional attack operations.
Also See Share: US critical infrastructures targeted by complex malware.
News URL
https://www.techrepublic.com/article/us-critical-infrastructure-targeted-malware/