Several U.S. government agencies issued a joint alert on Wednesday warning of the discovery of malicious cyber tools created by unnamed advanced persistent threat (APT) actors that officials said were capable of gaining "full system access" to several industrial control systems.
The public alert from the Departments of Energy and Homeland Security, the FBI and the National Security Agency did not name the actors or provide details of the find. But their private sector cybersecurity partners said evidence suggests Russia is behind the tools, and that they were configured to initially target North American energy companies.
One of the cybersecurity firms involved, Mandiant, said in a report that the tools’ functionality was “consistent with malware used in Russia’s previous physical attacks”, while acknowledging that evidence linking it to Moscow is largely circumstantial.
The firm called the tools "exceptionally rare and dangerous".
The CEO of another government partner, Robert M. Lee of Dragos, agreed that a state actor almost certainly designed the malware, which he said was configured to initially target liquefied natural gas and electricity sites in North America.
Lee referred questions about the state actor's identity to the U.S. government and did not explain how the malware was discovered, except to say it was detected "before an attack was attempted".
“We are actually a step ahead of the opponent. None of us want them to figure out where they screwed up,” Lee said. “Great victory.”
The Cybersecurity and Infrastructure Security Agency (CISA), which issued the alert, declined to identify the author of the threat.
The US government has warned critical infrastructure industries to prepare for possible cyberattacks from Russia in retaliation for tough economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.
Officials said Russian hacker interest in the U.S. energy sector was particularly high, and CISA urged organizations in a statement on Wednesday to pay particular attention to the mitigations recommended in the alert. Last month, the FBI issued an alert that Russian hackers had scanned at least five unnamed energy companies for vulnerabilities.
Lee said the malware was "designed to be a framework to attack many different types of industries and be leveraged multiple times. Depending on how it was configured, the initial targets would be LNG and electricity in North America."
Mandiant said the tools posed the greatest threat to Ukraine, NATO members and other states aiding Kyiv in its defense against Russian military aggression.
The firm said the malware could be used to shut down critical machinery, sabotage industrial processes and disable safety controllers, resulting in the physical destruction of machinery that could lead to loss of life. It compared the tools to Triton, malware attributed to a Russian government research institute that targeted critical safety systems and twice forced the emergency shutdown of a Saudi oil refinery in 2017, and to Industroyer, the malware that Russian military hackers used the previous year to trigger a blackout in Ukraine.
Lee said the newly discovered malware, dubbed Pipedream, is only the seventh known malware specifically designed to attack industrial control systems.
Lee said Dragos, which specializes in protecting industrial control systems, identified and analyzed its capabilities in early 2022 as part of its normal business research and in collaboration with partners.
He would not offer more details. In addition to Dragos and Mandiant, the U.S. government alert thanks Microsoft, Palo Alto Networks and Schneider Electric for their contributions.
Schneider Electric is one of the manufacturers named in the alert whose equipment is targeted by the malware. Omron is another.
Mandiant said it analyzed the tools in early 2022 with Schneider Electric.
In a statement, Palo Alto Networks executive Wendi Whitmore said, "We have been warning for years that our critical infrastructure is under constant attack. Today's alerts detail just how sophisticated our adversaries have become."
Microsoft had no comment.