US government agencies came together earlier this week to warn that state-sponsored cyber-attacks on critical infrastructure remain a serious threat, highlighting that some hackers have developed malware allowing them to gain full system access.
The advisory was issued by the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), and highlighted multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices that could be compromised.
“The APT [advanced persistent threat] actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network,” the advisory read.
“Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions,” it said.
The group of agencies went on to urge critical infrastructure organisations, and “especially energy sector organisations,” to implement a series of recommendations laid out in the advisory to help detect and mitigate malicious APT activity and harden ICS/SCADA devices.