
Rare and dangerous Incontroller malware targets ICS operations
A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.
In the second major industrial control system (ICS) threat development this week, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory (CSA) warning of a complex and dangerous ICS threat. The CSA says that specific unnamed advanced persistent threat (APT) actors have exhibited the capability to gain complete system access to multiple ICS and supervisory control and data acquisition (SCADA) devices.
These agencies collaborated with a group of top-tier industrial control and security leaders including Dragos, Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric in drafting the alert. The CSA pointed specifically to three categories of devices vulnerable to the malware:
- Schneider Electric programmable logic controllers (PLCs)
- OMRON Sysmac NEX PLCs
- Open Platform Communications Unified Architecture (OPC UA) servers
The malware consists of a package of dangerous custom-made tools targeting ICS and SCADA devices that can scan for, compromise and control affected devices once they have established initial access to the operational technology (OT) network.
This article appeared in CSO Online. To read the rest of the article please visit here.
Image by Frauke Feind from Pixabay