<h1>Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems</h1>
<p>Published 2022-04-14 on the <a href="https://lifeboat.com/blog/2022/04/feds-uncover-a-swiss-army-knife-for-hacking-industrial-systems">Lifeboat Foundation blog</a> (categories: cybercrime/malcode, government).</p>
<p>“This is the most expansive industrial control system attack tool that anyone has ever documented,” says Sergio Caltagirone, the vice president of threat intelligence at industrial-focused cybersecurity firm Dragos, which contributed research to the advisory and <a href="https://hub.dragos.com/hubfs/116-Whitepapers/Dragos_ChernoviteWP_v2b.pdf?hsLang=en" rel="nofollow noopener" target="_blank">published its own report about the malware</a>. Researchers at Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric also contributed to the advisory. “It’s like a Swiss Army knife with a huge number of pieces to it.”</p>
<p>Dragos says the malware has the ability to hijack target devices, disrupt or prevent operators from accessing them, permanently brick them, or even use them as a foothold to give hackers access to other parts of an industrial control system network. Caltagirone notes that while the toolkit, which Dragos calls “Pipedream,” appears to specifically target Schneider Electric and OMRON PLCs, it does so by exploiting underlying software in those PLCs known as Codesys, which is used far more broadly across hundreds of other types of PLCs. This means that the malware could easily be adapted to work in almost any industrial environment. “This toolset is so big that it’s basically a free-for-all,” Caltagirone says. “There’s enough in here for everyone to worry about.”</p>
<p>The CISA advisory refers to an unnamed “APT actor” that developed the malware toolkit, using the common acronym APT to mean advanced persistent threat, a term for state-sponsored hacker groups. It’s far from clear where the government agencies found the malware, or which country’s hackers created it—though the timing of the advisory follows <a href="https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-now-to-protect-against-potential-cyberattacks/">warnings</a> from the Biden administration about the Russian government making preparatory moves to carry out disruptive cyberattacks in the midst of its invasion of Ukraine.</p>