U.S. government warns that new malware 'Pipedream' targeting energy industry systems has been discovered



A cybersecurity advisory issued jointly by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) warns that malware called 'Pipedream' has been found that can hijack the industrial systems used in facilities including liquefied natural gas (LNG) production facilities.

APT Cyber Tools Targeting ICS / SCADA Devices | CISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

CHERNOVITE's Pipedream Malware Targeting Industrial Control Systems (ICS) | Dragos
https://www.dragos.com/blog/industry-news/chernovite-Pipedream-malware-targeting-industrial-control-systems/

US warns of govt hackers targeting industrial control systems
https://www.bleepingcomputer.com/news/security/us-warns-of-govt-hackers-targeting-industrial-control-systems/

Pipedream has a modular architecture that allows attackers to execute highly automated exploits against targeted devices. Its targets are control systems used in energy-related industrial facilities, and LNG production facilities in particular are expected to be the biggest targets.

The problem with Pipedream is that it does not take advantage of fixable bugs in the system, but rather of 'specs for exchanging data between devices without having to encrypt it.' In particular, Pipedream is said to include methods for destroying system controllers from Schneider Electric of France and Omron of Japan, and for 'OPC Unified Architecture,' an open source framework for transferring data from sensors to applications.

CISA, NSA, FBI, and DOE urge energy-related facilities to implement system monitoring programs and to take measures such as requiring multi-factor authentication for remote logins.



Pipedream appears to have been discovered before it was released, but it is not clear who discovered it or how. The authorities also do not name the country that developed Pipedream.

Based on previous attack cases, security company Mandiant has stated that the Russian government is probably behind Pipedream, with Ukraine and NATO countries currently most at risk of being attacked. 'We cannot determine who owns the malware, but it should be noted that this activity is in line with Russia's historical interests,' said Nathan Brubaker, director of intelligence analysis at Mandiant.

in Security, Posted by log1i_yk