U.S. agencies: Industrial control system malware discovered

A joint cybersecurity advisory released by the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI is photographed in Washington, Wednesday, April 13, 2022. The agencies issued the joint alert Wednesday announcing the discovery of malicious cyber tools capable of gaining "full system access" to multiple industrial control systems. (AP Photo/Jon Elswick)
265805 Pinchos- PGB promo Banner (25 x 5 cm)-5 copy


AP Technology Writer

BOSTON (AP) — Multiple U.S. government agencies issued a joint alert Wednesday warning of the discovery of malicious cyber tools created by unnamed advanced threat actors that they said were capable of gaining “full system access” to multiple industrial control systems.

The public alert from the Energy and Homeland Security Departments, the FBI and National Security Agency did not name the actors or offer details on the find.

But the CEO of one of the cybersecurity companies involved in the effort, Robert M. Lee of Dragos, says it has high confidence the malware was developed by a state actor and was configured to initially target liquified natural gas and electric power sites in North America.

Lee would not name the state actor, referring questions to the U.S. government. Nor would he explain how the malware was discovered, other than to say it was caught “before an attack was attempted.”

“We’re actually one step ahead of the adversary. None of us want them to understand where they screwed up,” said Lee. “Big win.”

The Cybersecurity and Infrastructure Security Agency, which published the alert, did not immediately respond to a request for details on the discovery or threat actor.

The U.S. government has warned critical infrastructure industries the gird for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.

Lee said the malware was “designed to be a framework to go after lots of different types of industries and be leveraged multiple times. Based on the configuration of it, the initial targets would be LNG and electric in North America.”

He said the malware, dubbed Pipedream, is only the seventh such malicious software to be identified that is designed to attack industrial control systems.

Lee said Dragos, which specializes in industrial control system protection, identified and analyzed its capability in early 2022 as part of its normal business research and in collaboration with partners.

He would offer no more specifics The U.S. government alert offers thanks to Dragos, Mandiant, Microsoft. Palo Alto Networks and Schneider Electric for their contributions.

Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another.