Malicious cyber tools to sabotage energy and other critical industries

Several US government agencies issued a joint alert on Wednesday, warning of the discovery of a suite of malicious cyber tools, created by unidentified advanced threat actors, that is capable of sabotaging the energy sector and other critical industries.

Public alerts from the Energy and Homeland Security Departments, the FBI and the National Security Agency did not name the actors or provide details on the discovery. But their private-sector cybersecurity partners said the evidence suggests Russia is behind the tools, which are built to disrupt industrial control systems, and that they were initially configured to target North American energy concerns.

Mandiant, one of the cybersecurity firms involved, called the tool “extraordinarily rare and dangerous.”

In a report, it called the functionality of the tools "in line with malware used in Russia's prior physical attacks", although it acknowledged that the evidence linking them to Moscow is "largely circumstantial".

Robert M. Lee, CEO of Dragos, another government partner, agreed that a state actor almost certainly designed the malware, which he said was initially configured to target liquefied natural gas and electric power sites in North America.

Lee referred questions about the identity of the state actor to the US government and did not explain how the malware was discovered, other than to say that it was caught "before an attack was attempted".

“We are really one step ahead of the adversary. Neither of us wants them to understand where they screwed up,” Lee said. “Big win.”

The Cybersecurity and Infrastructure Security Agency, which published the alert, declined to identify the threat actor.

The US government has warned critical infrastructure industries of possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to the February 24 invasion of Ukraine.

Officials have said Russian hacker interest in the US energy sector is particularly high, and CISA in a statement on Wednesday urged the sector to pay particular attention to the mitigation measures recommended in the alert. Last month, the FBI issued an alert saying Russian hackers had scanned at least five unnamed energy companies for vulnerabilities.

Lee said the malware was “designed as a framework to go after a variety of industries and be leveraged at times. Depending on its configuration, initial targets would be LNG and electric in North America.”

Mandiant said the tools pose the biggest threat to Ukraine, NATO members and other states that are assisting Kyiv in its defense against Russian military aggression.

It said the malware can be used to shut down critical machinery, sabotage industrial processes and disable safety controllers, causing physical destruction of machinery that could result in loss of human life. It compared the tools to Triton, malware attributed to a Russian government research institute, which targeted critical safety systems and twice forced the emergency shutdown of a Saudi oil refinery in 2017, and to Industroyer, malware that Russian military hackers used in the past to trigger a power outage in Ukraine.

Lee said the newly discovered malware, called Pipedream, is only the seventh malicious software family ever identified that is designed to attack industrial control systems.

Lee said Dragos, which specializes in industrial control systems security, identified and analyzed the malware's capabilities in early 2022 as part of its normal business research and in collaboration with partners.

He would not give any further details. In addition to Dragos and Mandiant, the US government alert thanks Microsoft, Palo Alto Networks and Schneider Electric for their contributions.

Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another. Mandiant said it had analyzed the tools together with Schneider Electric in early 2022.

In a statement, Palo Alto Networks executive Wendi Whitmore said: "We have been warning for years that our critical infrastructure is under constant attack. Today's alerts show how sophisticated our adversaries have become."

Microsoft had no comment.
