By FRANK BAJAK, AP Technology Writer
BOSTON (AP) — Several U.S. government agencies issued a joint alert on Wednesday warning of the discovery of a suite of malicious cyber tools created by unnamed advanced threat actors capable of sabotaging the energy sector and other industries.
The public alert from the Departments of Energy and Homeland Security, the FBI and the National Security Agency did not name the actors or give details of the find. But their private-sector cybersecurity partners said evidence suggests Russia is behind the disruptive industrial control system tools — and that they were set up to initially target North American energy concerns.
One of the cybersecurity firms involved, Mandiant, called the tools “exceptionally rare and dangerous”.
In a report, the firm called the tools’ functionality “consistent with malware used in Russia’s previous physical attacks”, while acknowledging that the evidence linking it to Moscow is “largely circumstantial”.
The CEO of another government partner, Robert M. Lee of Dragos, agreed that a state actor almost certainly engineered the malware, which he said was set up to initially target liquefied natural gas and electricity sites in North America.
Lee referred questions about the state actor’s identity to the U.S. government and did not explain how the malware was discovered, except to say it was detected “before an attack was attempted”.
“We are actually a step ahead of the opponent. None of us want them to figure out where they screwed up,” Lee said. “Great victory.”
The Cybersecurity and Infrastructure Security Agency, which issued the alert, declined to identify the author of the threat.
The U.S. government has warned critical infrastructure industries against possible Russian cyberattacks in retaliation for tough economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine.
Officials said Russian hacker interest in the U.S. energy sector was particularly high, and CISA urged in a statement Wednesday that organizations pay particular attention to the mitigations recommended in the alert. Last month, the FBI issued an alert that Russian hackers had scanned at least five unnamed energy companies for vulnerabilities.
Lee said the malware was “designed to be a framework to attack many different types of industries and be exploited multiple times. Depending on how it was configured, the initial targets would be LNG and electricity in North America.”
Mandiant said the tools posed the biggest threat to Ukraine, NATO members and other states aiding Kyiv in its defense against Russian military aggression.
The firm said the malware could be used to shut down critical machinery, sabotage industrial processes and disable safety controllers, resulting in the physical destruction of machinery that could lead to loss of life. It compared the tools to Triton, malware attributed to a Russian government research institute that targeted critical safety systems and forced an emergency shutdown of a Saudi oil refinery twice in 2017, and to Industroyer, the malware that Russian military hackers used the previous year to trigger a blackout in Ukraine.
Lee said the newly discovered malware, dubbed Pipedream, is only the seventh malware of its kind to be identified and designed to attack industrial control systems.
Lee said Dragos, which specializes in protecting industrial control systems, identified and analyzed its capabilities in early 2022 as part of its normal business research and in collaboration with partners.
He wouldn’t offer more details. In addition to Dragos and Mandiant, the U.S. government alert thanks Microsoft, Palo Alto Networks and Schneider Electric for their contributions.
Schneider Electric is one of the manufacturers named in the alert whose equipment is targeted by the malware. Omron is another.
Mandiant said it analyzed the tools in early 2002 with Schneider Electric.
In a statement, Palo Alto Networks executive Wendi Whitmore said, “We have been warning for years that our critical infrastructure is under constant attack. Today’s alerts detail just how sophisticated our adversaries have become.”
Microsoft had no comment.
AP writer Alan Suderman contributed from Richmond, Va.
Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.