New malware is raising alarm bells over its ability to disrupt and potentially destroy industrial control systems.
US federal agencies today warned about the malware, describing it as a set of tools capable of hijacking multiple industrial control systems from France’s Schneider Electric and Japan’s Omron.
Security firm Dragos examined the hacking tools and said they can “cause disruption, degradation, and possibly even destruction” depending on the industrial system targeted.
“Dragos assesses with high confidence this was developed by a state actor with the intent on deploying it to disrupt key infrastructure sites,” CEO Robert Lee said in a tweet.
Security firm Mandiant also analyzed the hacking tools and agreed that they can be used to shut down critical machinery, sabotage industrial processes, and disable safety controllers, which could lead to physical destruction.
Mandiant says the tools contain three components, the first of which will scan for servers that use an industrial network protocol called OPC UA. The second component can hijack industrial control systems from Schneider Electric to delete files, crash the device, or upload additional payloads. Meanwhile, the third component is designed to tamper with equipment from Omron.
Mandiant also said the toolkit contains two other components that can hijack Windows-based workstations. It dubbed the hacking tools “Incontroller” while Dragos calls them “Pipedream.”
The good news is that the hackers behind the malicious tools seem to have accidentally exposed them to security researchers. It’s not clear how Dragos and Mandiant examined the malware, but both companies did so early this year with the help of partners, including Schneider Electric.
“This is the
Read more on pcmag.com