Industrial automation networks rely on a variety of equipment that enable operators to translate information and instructions into chains of physical actions. INCONTROLLER Was Built to Manipulate and Disrupt Industrial Processes The tool can also interact with Omron's servo drives, which use feedback control to deliver energy to motors for precision motion control. CODECALL contains modules to interact with, scan, and attack at least three Schneider Electric programmable logic controllers (PLCs).Ī framework with capabilities to interact with and scan some types of Omron PLCs via HTTP, Telnet, and Omron FINS protocol. INCONTROLLER is comprised of three main components: Table 1: Description of toolsĪ tool that scans for OPC servers, enumerates OPC structure/tags, brute forces credentials, and reads/writes OPC tag values.Ī framework that communicates using Modbus-one of the most common industrial protocols-and Codesys. For more information from CODESYS, please see their advisory. For more information from Schneider Electric, please see their bulletin. This report is related to information shared in CISA Alert (AA22-103A).
Further analysis of related threats is available as part of Mandiant Advantage Threat Intelligence. If you need support responding to related activity, please contact Mandiant Consulting. As future modifications to these tools are likely, we believe behavior-based hunting and detection methods will be most effective. To help asset owners find and defend against INCONTROLLER, we have included a range of mitigations and discovery methods throughout this report. It is comparable to TRITON, which attempted to disable an industrial safety system in 2017 INDUSTROYER, which caused a power outage in Ukraine in 2016 and STUXNET, which sabotaged the Iranian nuclear program around 2010. INCONTROLLER represents an exceptionally rare and dangerous cyber attack capability. INCONTROLLER is very likely state sponsored and contains capabilities related to disruption, sabotage, and potentially physical destruction. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools-which we call INCONTROLLER (aka PIPEDREAM)-built to target machine automation devices. Create a Free Mandiant Advantage Account.
0 kommentar(er)
