(Reuters) – Advanced hackers have shown they can take control of a range of devices that help run power stations and manufacturing facilities, the US government said in an alert on Wednesday, warning of the potential for cyber spies to damage critical infrastructure.
The US Cybersecurity and Infrastructure Security Agency and other government agencies issued a joint advisory saying that the hackers’ malware could affect a type of device called programmable logic controllers manufactured by Schneider Electric and OMRON Corp.
OMRON did not immediately return a message seeking comment. A spokesman for Schneider confirmed that they had worked with US officials to defend themselves against the hackers and called it “an example of successful cooperation to deter critical infrastructure threats before they occur.”
The controllers are common in a variety of industries – from gas to food production facilities – but Robert Lee, CEO of cybersecurity company Dragos, which helped detect the malware, said researchers believed the hackers’ intended targets were liquefied natural gas and electrical installations.
In its warning, the Cybersecurity Agency called on critical infrastructure organizations, “especially energy sector organizations”, to implement a series of recommendations aimed at blocking and detecting the cyber weapon, called Pipedream.
Although the government’s warning was vague – it did not say which hackers were behind the malware or whether it had actually been used – it raised concerns across the industry.
As a sign of how serious the discovery was, CISA said it made its announcement with the Department of Energy, the National Security Agency and the FBI.
Programmable logic controllers, or PLCs, are embedded in a large number of plants and factories and any disruption to their operation has the potential to cause damage, from shutdowns to power outages to chemical leaks, damaged equipment or even explosions.
Mr Lee said the tool developed by mystery hackers was “very capable” and had probably been in the works for several years.
“It’s as dangerous as people make it out to be,” he said in an interview.
Western cyber-security officials are already on edge over Russia’s invasion of Ukraine and the spread of malware aimed at causing power outages.
Sergio Caltagirone, Dragos’ vice president of threat intelligence, said that Pipedream could be understood as a “toolbox” with various hacking tools. Each component offers a different way of undermining normal controls, giving hackers a variety of options to launch attacks.
For example, Caltagirone said that one of the tools in Pipedream would have allowed the attackers to damage the Schneider Electric PLC in such a way that it would have to be replaced completely.
“Due to existing challenges in the supply chain, it may take longer to obtain replacement checks after such an attack,” he said. “What this means is that a liquefied natural gas plant could be out of operation for months.”