Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations, posing an imminent threat, particularly to energy providers.
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system (ICS) devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned.
In a joint advisory, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI caution that “certain advanced persistent threat (APT) actors” have already demonstrated the capability “to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices.”
The custom-made tools developed by the APTs allow them, once they’ve gained access to the operational technology (OT) network, to scan for, compromise and control affected devices, according to the agencies. This can lead to a number of nefarious actions, including the elevation of privileges, lateral movement within an OT environment, and the disruption of critical devices or functions, they said.
Devices at risk are: Schneider Electric MODICON and MODICON Nano programmable logic controllers (PLCs),