US authorities disclosed on April 13 that they had been made aware of advanced persistent threat (APT) actors in possession of custom malware able to gain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices from a range of industrial equipment.
Malware to cripple industrial devices
The alarm was raised jointly by the United States Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation. According to them, the tooling can target programmable logic controllers (PLCs) from Schneider Electric and from OMRON, as well as Open Platform Communications Unified Architecture (OPC UA) servers. PLCs are used to automate processes in sectors ranging from water treatment to the automotive and food industries.
The malware was discovered earlier this year by cybersecurity firm Dragos. Nicknamed Pipedream, it is assessed to be able to disrupt, sabotage or even physically destroy the targeted devices. Dragos estimates that it can carry out 38% of the known ICS attack techniques and up to 83% of the known tactics. The intent behind these capabilities is to use access to ICS environments to escalate privileges, move laterally, and sabotage critical functions. The company's report nevertheless notes that, despite its destructive potential and although it has been identified on several systems, the malware has not yet been used to carry out an attack.
The US government calls on private companies, particularly those in the energy sector, to implement its recommendations in order to detect and mitigate possible malicious activity. It recommends enforcing multi-factor authentication, changing passwords regularly, and deploying a continuous monitoring solution that logs and alerts on malicious behaviour.
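As an illustration of what "continuous monitoring" can mean in an ICS network, the following is an added example (not code from the advisory, from Dragos or from Mandiant): it reads a constructed connection log and flags hosts that talk to PLCs or OPC UA servers without being on an allowlist of engineering workstations, and hosts that sweep several ICS devices. The log format, the allowlist and the addresses are assumptions for the example; the ports are the well-known defaults for Modbus/TCP (502, used by Schneider Modicon PLCs), OMRON FINS (9600) and OPC UA (4840).

```python
"""Allowlist-based monitor for ICS protocol connections (added example).

Assumes connection records in a simple CSV form (constructed below) and
that the PLCs and OPC UA servers listen on their well-known ports.
"""
import csv
import io
from collections import defaultdict

# Well-known ports of the protocols mentioned in the advisory.
ICS_PORTS = {502: "modbus-tcp", 9600: "omron-fins", 4840: "opc-ua"}

# Hypothetical allowlist: only these engineering workstations may speak
# ICS protocols to the controllers.
ALLOWED_SOURCES = {"10.0.10.5", "10.0.10.6"}

# Constructed sample log: two legitimate sessions, one unknown host
# touching four controllers, and one non-ICS connection.
SAMPLE_LOG = """\
ts,src,dst,dport,proto
2022-04-13T08:00:01,10.0.10.5,10.0.20.11,502,tcp
2022-04-13T08:00:05,10.0.10.6,10.0.20.12,9600,tcp
2022-04-13T08:01:10,10.0.30.77,10.0.20.11,502,tcp
2022-04-13T08:01:11,10.0.30.77,10.0.20.12,502,tcp
2022-04-13T08:01:12,10.0.30.77,10.0.20.13,502,tcp
2022-04-13T08:01:13,10.0.30.77,10.0.20.14,4840,tcp
2022-04-13T08:02:00,10.0.10.5,10.0.20.20,443,tcp
"""


def parse_log(text):
    """Parse the CSV connection log into a list of dicts with int ports."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dport"] = int(row["dport"])
        rows.append(row)
    return rows


def find_unexpected_ics_connections(rows, allowed=ALLOWED_SOURCES):
    """Return every ICS-protocol connection from a non-allowlisted source."""
    alerts = []
    for r in rows:
        proto_name = ICS_PORTS.get(r["dport"])
        if proto_name and r["src"] not in allowed:
            alerts.append({
                "ts": r["ts"],
                "src": r["src"],
                "dst": r["dst"],
                "protocol": proto_name,
                "reason": "ICS protocol from non-allowlisted host",
            })
    return alerts


def find_ics_sweeps(rows, min_targets=3):
    """Return sources that contacted at least min_targets distinct ICS devices.

    A single host enumerating many controllers is a common precursor to
    reconnaissance or mass manipulation, regardless of allowlist status.
    """
    targets = defaultdict(set)
    for r in rows:
        if r["dport"] in ICS_PORTS:
            targets[r["src"]].add(r["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for alert in find_unexpected_ics_connections(records):
        print("ALERT", alert)
    for src, dsts in find_ics_sweeps(records).items():
        print(f"SWEEP {src} -> {len(dsts)} ICS devices: {dsts}")
```

In practice the allowlist would be fed from the asset inventory and the records from a network sensor or firewall export; the point of the example is that in an ICS segment the set of hosts permitted to speak these protocols is small and stable, so any deviation is worth an alert.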
Russia potentially involved
While US authorities have not attributed the tooling to a particular group or country, US cybersecurity firm Mandiant believes it most likely belongs to a state-backed actor. It bases this assessment on the malware's complexity, the expertise and resources required to develop it, and its limited potential for financial gain.
In its analysis, Mandiant explains that Pipedream's capabilities are consistent with Russia's previous efforts and its historical interest in compromising industrial control systems. The threat is all the more serious in the context of the war in Ukraine. In early April, Ukraine's Computer Emergency Response Team thwarted a large-scale cyberattack on the country's power grid.
In March, the Biden administration had already reported "preparatory activities on the Russian side for cyberattacks": "If you haven't already, I urge our private sector partners to immediately strengthen their cyber defenses." The President reminded companies, in particular those operating critical infrastructure, to be ready.