Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Independent UK
The Independent UK
National
Via AP news wire

US agencies: Industrial control system malware discovered

Copyright 2022 The Associated Press. All rights reserved.

Multiple U.S. government agencies issued a joint alert Wednesday warning of the discovery of malicious cyber tools created by unnamed advanced threat actors that they said were capable of gaining “full system access” to multiple industrial control systems.

The public alert from the Energy and Homeland Security Departments, the FBI and National Security Agency did not name the actors or offer details on the find.

But the CEO of one of the cybersecurity companies involved in the effort, Robert M. Lee of Dragos, says it has high confidence the malware was developed by a state actor and was configured to initially target liquified natural gas and electric power sites in North America.

Lee would not name the state actor, referring questions to the U.S. government. Nor would he explain how the malware was discovered, other than to say it was caught "before an attack was attempted.”

“We’re actually one step ahead of the adversary. None of us want them to understand where they screwed up,” said Lee. “Big win.”

The Cybersecurity and Infrastructure Security Agency, which published the alert, did not immediately respond to a request for details on the discovery or threat actor.

The U.S. government has warned critical infrastructure industries the gird for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.

Lee said the malware was “designed to be a framework to go after lots of different types of industries and be leveraged multiple times. Based on the configuration of it, the initial targets would be LNG and electric in North America.”

He said the malware, dubbed Pipedream, is only the seventh such malicious software to be identified that is designed to attack industrial control systems.

Lee said Dragos, which specializes in industrial control system protection, identified and analyzed its capability in early 2022 as part of its normal business research and in collaboration with partners.

He would offer no more specifics The U.S. government alert offers thanks to Dragos, Mandiant, Microsoft. Palo Alto Networks and Schneider Electric for their contributions.

Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.