Multiple U.S. government agencies issued a joint alert Wednesday warning of the discovery of malicious cyber tools created by unnamed advanced-threat actors that they said were capable of gaining “full system access” to multiple industrial control systems.
The public alert from the Energy and Homeland Security Departments, the FBI and National Security Agency did not name the actors or offer details on the discovery.
But the CEO of one of the cybersecurity companies involved in the effort, Robert M. Lee of Dragos, says it has high confidence the malware was developed by a state actor and was configured to initially target liquified natural gas and electric power sites in North America.
Lee would not name the state actor, referring questions to the U.S. government. Nor would he explain how the malware was discovered, other than to say it was caught “before an attack was attempted.”
“We’re actually one step ahead of the adversary. None of us want them to understand where they screwed up,” said Lee. “Big win.”
The Cybersecurity and Infrastructure Security Agency, which published the alert, did not immediately respond to a request for details on the discovery or threat actor.
The U.S. government has warned critical infrastructure industries to gird for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.
Lee said the malware was “designed to be a framework to go after lots of different types of industries and be leveraged multiple times. Based on the configuration of it, the initial targets would be LNG and electric in North America.”
He said the malware, dubbed Pipedream, is only the seventh such malicious software to be identified that is designed to attack industrial control systems.
Lee said Dragos, which specializes in industrial control system protection, identified and analyzed its capability in early 2022 as part of its normal business research and in collaboration with partners.
He would offer no more specifics The U.S. government alert offers thanks to Dragos, Mandiant, Microsoft. Palo Alto Networks and Schneider Electric for their contributions.
Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another.