US agencies: Industrial control system malware discovered

Apr 13, 2022, 12:49 PM | Updated: Apr 14, 2022, 11:48 am

BOSTON (AP) — Multiple U.S. government agencies issued a joint alert Wednesday warning of the discovery of a suite of malicious cyber tools created by unnamed advanced threat actors that are capable of sabotaging the energy sector and other critical industries.

The public alert from the Energy and Homeland Security Departments, the FBI and National Security Agency did not name the actors or offer details on the find. But their private sector cybersecurity partners said the evidence suggests Russia is behind the industrial control system-disrupting tools — and that they were configured to initially target North American energy concerns.

One of the cybersecurity firms involved, Mandiant, called the tools “exceptionally rare and dangerous.”

In a report, it said the tools’ functionality was “consistent with the malware used in Russia’s prior physical attacks” though it acknowledged that the evidence linking it to Moscow is “largely circumstantial.”

The CEO of another government partner, Robert M. Lee of Dragos, agreed that a state actor almost certainly crafted the malware, which he said was configured to initially target liquified natural gas and electric power sites in North America.

Lee referred questions on the state actor’s identity to the U.S. government and would not explain how the malware was discovered other than to say it was caught “before an attack was attempted.”

“We’re actually one step ahead of the adversary. None of us want them to understand where they screwed up,” said Lee. “Big win.”

The Cybersecurity and Infrastructure Security Agency, which published the alert, declined to identify the threat actor.

The U.S. government has warned critical infrastructure industries to gird for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.

Officials have said that Russian hacker interest in the U.S. energy sector is particularly high, and CISA urged it in a statement Wednesday to be especially mindful of the mitigation measures recommended in the alert. Last month, the FBI issued an alert saying Russian hackers have scanned at least five unnamed energy companies for vulnerabilities.

Lee said the malware was “designed to be a framework to go after lots of different types of industries and be leveraged multiple times. Based on the configuration of it, the initial targets would be LNG and electric in North America.”

Mandiant said the tools pose the greatest threat to Ukraine, NATO members and other states assisting Kyiv in its defense against Russian military aggression.

It said the malware could be used to shut down critical machinery, sabotage industrial processes and disable safety controllers, leading to the physical destruction of machinery that could lead to the loss of human lives. It compared the tools to Triton, malware traced to a Russian government research institute that targeted critical safety systems and twice forced the emergency shutdown of a Saudi oil refinery in 2017 and to Industroyer, the malware that Russian military hackers used the previous year to trigger a power outage in Ukraine.

Lee said the newly discovered malware, dubbed Pipedream, is only the seventh such malicious software to be identified that is designed to attack industrial control systems.

Lee said Dragos, which specializes in industrial control system protection, identified and analyzed its capability in early 2022 as part of its normal business research and in collaboration with partners.

He would offer no more specifics. In addition to Dragos and Mandiant, the U.S. government alert offers thanks to Microsoft, Palo Alto Networks and Schneider Electric for their contributions.

Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another.

Mandiant said it had analyzed the tools in early 2002 with Schneider Electric.

In a statement, Palo Alto Networks executive Wendi Whitmore said: “We’ve been warning for years that our critical infrastructure is constantly under attack. Today’s alerts detail just how sophisticated our adversaries have gotten.”

Microsoft had no comment.

AP writer Alan Suderman contributed from Richmond, Virginia.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
