[German]There is a warning from CISA and other organizations in the U.S. aimed at manufacturers and operators of process control systems and controllers (ICS/SCADA systems). Cyber groups (APTs) have developed new attack tools with which they can attack various industrial control systems. Since there is now a certain trend to only destroy in these attacks, the risk of industrial sectors or critical infrastructure being crippled by (government) cyber actors is increasing.
Advertising
The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA).
The above tweet points out this fact. The relevant CISA warning is sometimes very difficult to retrieve on the web – here is the archived version in the web cache.
ICS/SCADA systems in focus
U.S. authorities are warning that certain (state-sponsored) cyber groups responsible for advanced persistent threats (APT) are capable of (and have demonstrated) gaining full system access to multiple industrial control systems (ICS)/monitoring control and data acquisition (SCADA) systems, including:
- Schneider Electric programmable logic controllers (PLCs),
- OMRON Sysmac NEX Programmable Logic Controllers and
- Open Platform Communications Unified Architecture (OPC UA) servers
Authorities write that APT actors have developed custom tools to attack ICS/SCADA devices. These tools enable attackers to scan, compromise and control affected devices once they gain initial access to the operational technology (OT) network.
Advertising
In addition, the actors can compromise Windows-based technical workstations that may be present in IT or OT environments. To do so, they use an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising ICS/SCADA devices and maintaining full system access, APT actors can elevate privileges, move laterally in an OT environment, and disrupt critical devices or functions.
DOE, CISA, NSA, and the FBI recommend critical infrastructure, particularly in the energy sector, implement the APT detection and mitigation recommendations contained in this CSA to detect potential malicious APT activity and protect their ICS/SCADA devices. The report includes specific threat and tool information. A PDF version of this report can be downloaded here.
Security vendor Mandiant also warns in the above tweet and this post about a new set of attack tools targeted at industrial control systems. Called INCONTROLLER, the tools are designed to manipulate and disrupt industrial processes.
