Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment.

“Malware designed to target industrial control systems like power grids, factories, water utilities, and oil refineries represents a rare species of digital badness. So when the United States government warns of a piece of code built to target not just one of those industries, but potentially all of them, critical infrastructure owners worldwide should take notice,” writes Wired.

Servers that rely on Open Platform Communications Unified Architecture (OPC UA) are also singled out as susceptible in the Cybersecurity and Infrastructure Security Agency (CISA) alert, issued Wednesday. The CISA bulletin encourages firms relying on industrial control systems to use strong passwords and isolate their corporate computer networks, among other tips.

Bloomberg reports that “Robert Lee, the CEO of cybersecurity firm Dragos Inc., said on Twitter the hackers’ malware is ‘highly capable’ and worth monitoring because of destructive capabilities,” noting that “Dragos has ‘high confidence’ that a state actor developed the malware ‘with the intent on deploying it to disrupt key infrastructure sites.’”

“This is the most expansive industrial control system attack tool that anyone has ever documented,” Dragos vice president of threat intelligence Sergio Caltagirone tells Wired, comparing the malware to “a Swiss Army knife with a huge number of pieces to it.”

Dragos contributed research to the CISA advisory, along with “researchers at Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric,” according to Wired, which cites a report published by Dragos that refers to the new malicious code as Pipedream and says it’s “the seventh known Industrial Control Systems (ICS)-specific malware and fifth specifically developed to disrupt industrial processes.”

Although the CISA bulletin doesn’t identify a specific country with regard to this new malware, a March 21 fact sheet from the Biden administration warned of “evolving intelligence that Russia may be exploring options for potential cyberattacks.”

Related:
Industrial Cyber Firms Form Lobbying Coalition as Biden Ramps Up Regulation, The Wall Street Journal, 4/12/22
