Hackers have developed custom tools to gain full system access to a number of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
The warning comes in a joint cybersecurity advisory released by the Department of Energy (DOE), CISA, the NSA, and the FBI that urges all critical infrastructure operators to immediately bolster the security of their ICS/SCADA devices and networks.
The custom-made tools have been developed for programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers.
CISA says the tools allow for “highly automated exploits” against targeted devices.
ICS security firm Dragos, which has studied the tools, dubs it Pipedream, the seventh-known piece of ICS-specific malware following Stuxnet, Havex, BlackEnergy, Crashoverride, and Trisis. It attributes the malware to an advanced persistent threat (APT) actor it calls Chevronite.
“Pipedream is a modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment,” Dragos explains.