
U.S. says advanced hackers have shown ability to hijack critical infrastructure

Published 04/13/2022, 03:09 PM
Updated 04/13/2022, 06:00 PM
© Reuters. FILE PHOTO: A warning sign at the perimeter of a transfer line area is seen at the Dominion Cove Point Liquefied Natural Gas (LNG) terminal in Lusby, Maryland March 18, 2014. REUTERS/Gary Cameron (UNITED STATES)/File Photo

By Christopher Bing and Raphael Satter

WASHINGTON (Reuters) - Advanced hackers have shown they can take control of an array of devices that help run power stations and manufacturing plants, the U.S. government said in an alert (https://www.cisa.gov/uscert/ncas/alerts/aa22-103a) on Wednesday, warning of the potential for cyber spies to harm critical infrastructure.

The U.S. Cybersecurity and Infrastructure Security Agency and other government agencies issued a joint advisory saying the hackers' malicious software could affect a type of device called programmable logic controllers made by Schneider Electric (EPA:SCHN) and OMRON Corp.

OMRON did not immediately return a message seeking comment. A Schneider spokesperson confirmed it had worked with U.S. officials to defend against the hackers, calling it "an instance of successful collaboration to deter threats on critical infrastructure before they occur."

The controllers are common across a variety of industries - from gas to food production plants - but Robert Lee, chief executive of cybersecurity firm Dragos, which helped uncover the malware, said researchers believed the hackers' intended targets were liquefied natural gas and electric facilities.

In its alert, the Cybersecurity Agency urged critical infrastructure organizations, "especially Energy Sector organizations," to implement a series of recommendations aimed at blocking and detecting the cyber weapon, named Pipedream.

Although the government warning was vague - it did not say which hackers were behind the malware or if it had actually been used - it sent concern coursing across the industry.

In a sign of how seriously the discovery was being taken, CISA said it was making its announcement alongside the Energy Department, the National Security Agency and the FBI.

Programmable logic controllers, or PLCs, are embedded in a huge number of plants and factories and any interference with their operation has the potential to cause harm, from shutdowns to blackouts to chemical leaks, wrecked equipment or even explosions.

Lee said the tool developed by the mystery hackers was "highly capable" and had likely been in the works for several years.

"It is as dangerous as people are making it out to be," Lee said in an interview.

Western cybersecurity officials are already on edge over Russia's invasion of Ukraine and the deployment of malware aimed at causing electrical outages.

Sergio Caltagirone, Dragos' vice president of threat intelligence, said Pipedream could be understood as a "toolbox" of different hacking tools. Each component offers a different way to subvert normal controls, giving the hackers a variety of options to launch attacks.

For example, Caltagirone said that one of the tools within Pipedream would have allowed the attackers to damage Schneider Electric's PLC in such a way that it would need to be entirely replaced.

"Because of existing supply chain challenges it could take longer to get replacement controllers after such an attack," Caltagirone said. "What this means is a liquefied natural gas facility might be out of commission for months."

Latest comments

The big question is: Why even make so much critical infrastructure vulnerable?
Maybe if we shut down the power grid for just two weeks we can slow the hackers.
Simple. Cut all critical installations from the internet and you will be OK. The internet is a highway for criminals to your doorstep.
We should definitely infringe on whatever personal freedom is left! You will own nothing and be happy- Klaus swab