INCONTROLLER/PIPEDREAM malware targeting ICS/SCADA devices
Several government agencies (DOE, CISA, NSA, and FBI) have issued a joint security advisory warning about an APT threat called INCONTROLLER/PIPEDREAM, developed by the CHERNOVITE activity group to attack industrial control and automation systems (ICS/SCADA).
The creators of this APT have developed custom tools to target these ICS/SCADA devices. Once they have established initial access to the operational technology (OT) network, these tools allow them to find, compromise and control the affected devices. In addition, the developers can compromise Windows-based engineering workstations, which may be present in IT or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment and disrupt critical functions or devices.
- 13/04/2022 mandiant.com INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
- 13/04/2022 dragos.com CHERNOVITE’s PIPEDREAM Malware Targeting Industrial Control Systems (ICS)
- 13/04/2022 dragos.com PIPEDREAM: CHERNOVITE’S EMERGING MALWARE TARGETING INDUSTRIAL CONTROL SYSTEMS
- 13/04/2022 wired.com Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems
- 14/04/2022 cisa.gov APT Cyber Tools Targeting ICS/SCADA Devices
- 14/04/2022 computerweekly.com Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant
- 14/04/2022 techtarget.com U.S. government, security vendors warn of new ICS malware
- 14/04/2022 securityweek.com Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities
- 14/04/2022 reuters.com U.S. says advanced hackers have shown ability to hijack critical infrastructure
- 18/04/2022 incibe-cert.es INCONTROLLER/PIPEDREAM: amenaza APT dirigida a dispositivos SCI/SCADA