The US warns of the risk of specialized malware attacking energy infrastructure – Information Technology

Many US federal agencies have issued warnings about the risk of critical US infrastructure, especially energy facilities, being attacked by specially designed malware.

The US Department of Energy (DOE) together with the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the US Federal Bureau of Investigation (FBI) have just issued a new warning about the risk. essential infrastructure in the United States. Accordingly, hostile actors are using malicious code specific to the hardware used by these infrastructures, especially in energy facilities.

In this new warning, US federal agencies say that some industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are becoming the target of foreign hackers. Hardware on the potential target list includes Schneider Electric’s programmable controller (PLC), OMRON Sysmac NEX and OPC UA-compliant servers.

The notice from federal agencies urges organizations working in the energy and many other critical infrastructure sectors to quickly implement the threat detection and mitigation recommendations contained in the notice.

One of the risk objects named in the warning is CHERNOVITE, using the PIPEDREAM malicious code to target ICS. This malicious code has been tracked by security company Dragos for some time and discovered that the target of PIPEDREAM is the controller of Schneider Electric and OMRON. Dragos CEO Robert Lee believes that CHERNOVITE is backed by a one-country government.

Another security company, Mandiant, is tracking a malicious code called INCONTROLLER. This malware also targets Schneider Electric hardware and is likely also backed by a country.

The new announcement comes as malware, especially ransomware, is becoming an unavoidable threat to critical infrastructure in many countries. In the first 6 months of 2021, the US is estimated to have lost about $ 600 million because of ransomware. In May 2021, Colonial Pipeline – the largest US oil product pipeline operator – had to stop working for 5 days after being hacked by hackers. Japan has also asked many key companies to strengthen their cyber defenses.