(Reuters) – Advanced hackers have shown they can take control of an array of devices that help run power plants and manufacturing plants, the U.S. government said in an alert on Wednesday, warning of the potential for cyber spies to harm critical infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency and other government agencies released a joint advisory saying malware from hackers could affect a type of device called programmable logic controllers made by Schneider Electric and OMRON Corp.
OMRON did not immediately return a message seeking comment. A spokesperson for Schneider confirmed that it worked with US officials to defend against hackers, calling it “a successful example of working together to deter threats to critical infrastructure before they happen.”
Controllers are common to a variety of industries – from gas to food production plants – but Robert Lee, CEO of cybersecurity firm Dragos, which helped uncover the malware, said researchers believe the hackers’ intended targets were liquefied natural gas and electrical installations.
In its alert, the Cybersecurity Agency urged critical infrastructure organizations, “especially organizations in the energy sector”, to implement a series of recommendations aimed at blocking and detecting the cyber weapon, named Pipedream.
Although the government’s warning was vague – it did not specify which hackers were behind the malware or whether it had actually been used – it caused concern across the industry.
In a sign of how seriously the discovery was being taken, CISA said it was making its announcement alongside the Department of Energy, the National Security Agency and the FBI.
Programmable logic controllers, or PLCs, are integrated into a large number of plants and factories, and any interference with their operation can cause damage, from shutdowns to power failures to chemical leaks, damaged equipment or even explosions.
Mr Lee said the tool developed by the mystery hackers was “very capable” and had probably been in the works for several years.
“It’s as dangerous as people make it out to be,” he said in an interview.
Western cybersecurity officials are already nervous about Russia’s invasion of Ukraine and the deployment of malware aimed at causing blackouts.
Sergio Caltagirone, Dragos’ vice president of threat intelligence, said Pipedream can be understood as a “toolbox” of different hacking tools. Each component offers a different way of subverting normal controls, giving hackers a variety of options to launch attacks.
For example, Caltagirone said one of Pipedream’s tools would have allowed attackers to damage Schneider Electric’s PLC in such a way that it would have had to be replaced entirely.
“Due to existing supply chain challenges, it may take longer to obtain replacement controllers after such an attack,” he said. “That means a liquefied natural gas facility could be out of service for months.”