INCONTROLLER/PIPEDREAM malware targeting ICS/SCADA devices

Several government agencies (DOE, CISA, NSA, and FBI) have issued a joint security advisory to warn about an APT threat, called INCONTROLLER/PIPEDREAM, which has been developed to attack industrial control and automation systems (ICS/SCADA) by the CHERNOVITE activity group.

The creators of this APT have developed custom tools to target these ICS/SCADA devices. These tools allow them to find, compromise and control the affected devices once they have established initial access to the operational technology (OT) network. In addition, developers can compromise Windows-based engineering workstations, which may be present in IT or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within a TO environment and disrupt critical functions or devices.