Security News > 2022 > April > US critical infrastructures targeted by complex malware
US critical infrastructures targeted by complex malware.
The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation are warning the US energy sector that certain APT threat actors have exhibited the capability to gain full system access to multiple industrial control system and supervisory control and data acquisition devices.
Several of the attacker tools are exposed in the advisory based on the targeted hardware.
Rapidly scan a local network for all Schneider PLCs. Brute-force PLCs passwords using CODESYS and other available device protocols against defaults or dictionary word list.
Poll for specific devices connected to PLCs. Back up/restore arbitrary files to/from PLCs. Load a custom malicious agent on OMRON PLCs for additional attack operations.
Also See Share: US critical infrastructures targeted by complex malware.
News URL
https://www.techrepublic.com/article/us-critical-infrastructure-targeted-malware/
Related news
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware (source)
- China reportedly admitted directing cyberattacks on US infrastructure (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- CISA warns of hackers targeting critical oil infrastructure (source)
- Kubernetes has grown up: From testbed to critical infrastructure (source)