AP

US agencies: Industrial control system malware discovered

Apr 13, 2022, 12:49 PM | Updated: Apr 14, 2022, 11:48 am

BOSTON (AP) — Multiple U.S. government agencies issued a joint alert Wednesday warning of the discovery of a suite of malicious cyber tools created by unnamed advanced threat actors that are capable of sabotaging the energy sector and other critical industries.

The public alert from the Energy and Homeland Security Departments, the FBI and National Security Agency did not name the actors or offer details on the find. But their private sector cybersecurity partners said the evidence suggests Russia is behind the industrial control system-disrupting tools — and that they were configured to initially target North American energy concerns.

One of the cybersecurity firms involved, Mandiant, called the tools “exceptionally rare and dangerous.”

In a report, it said the tools’ functionality was “consistent with the malware used in Russia’s prior physical attacks,” though it acknowledged that the evidence linking it to Moscow is “largely circumstantial.”

The CEO of another government partner, Robert M. Lee of Dragos, agreed that a state actor almost certainly crafted the malware, which he said was configured to initially target liquified natural gas and electric power sites in North America.

Lee referred questions on the state actor’s identity to the U.S. government and would not explain how the malware was discovered other than to say it was caught “before an attack was attempted.”

“We’re actually one step ahead of the adversary. None of us want them to understand where they screwed up,” said Lee. “Big win.”

The Cybersecurity and Infrastructure Security Agency, which published the alert, declined to identify the threat actor.

The U.S. government has warned critical infrastructure industries to gird for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.

Officials have said that Russian hacker interest in the U.S. energy sector is particularly high, and CISA urged it in a statement Wednesday to be especially mindful of the mitigation measures recommended in the alert. Last month, the FBI issued an alert saying Russian hackers have scanned at least five unnamed energy companies for vulnerabilities.

Lee said the malware was “designed to be a framework to go after lots of different types of industries and be leveraged multiple times. Based on the configuration of it, the initial targets would be LNG and electric in North America.”

Mandiant said the tools pose the greatest threat to Ukraine, NATO members and other states assisting Kyiv in its defense against Russian military aggression.

It said the malware could be used to shut down critical machinery, sabotage industrial processes and disable safety controllers, leading to the physical destruction of machinery that could lead to the loss of human lives. It compared the tools to Triton, malware traced to a Russian government research institute that targeted critical safety systems and twice forced the emergency shutdown of a Saudi oil refinery in 2017 and to Industroyer, the malware that Russian military hackers used the previous year to trigger a power outage in Ukraine.

Lee said the newly discovered malware, dubbed Pipedream, is only the seventh such malicious software to be identified that is designed to attack industrial control systems.

Lee said Dragos, which specializes in industrial control system protection, identified and analyzed its capability in early 2022 as part of its normal business research and in collaboration with partners.

He would offer no more specifics. In addition to Dragos and Mandiant, the U.S. government alert offers thanks to Microsoft, Palo Alto Networks and Schneider Electric for their contributions.

Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another.

Mandiant said it had analyzed the tools in early 2022 with Schneider Electric.

In a statement, Palo Alto Networks executive Wendi Whitmore said: “We’ve been warning for years that our critical infrastructure is constantly under attack. Today’s alerts detail just how sophisticated our adversaries have gotten.”

Microsoft had no comment.

AP writer Alan Suderman contributed from Richmond, Virginia.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
