US says advanced hackers can hijack critical infrastructure

By on
US says advanced hackers can hijack critical infrastructure

Equipment from Omron, Schneider must be patched.

Hackers have demonstrated the ability to take control of an array of devices that help run power stations and manufacturing plants, the US government said in a recent alert, sounding the alarm over the potential for cyber spies to harm critical infrastructure.

The US Cybersecurity and Infrastructure Security Agency said in a joint advisory with other government agencies that the hackers' malicious software could affect programmable logic controllers made by Schneider Electric and OMRON.

OMRON did not immediately return a message seeking comment. A Schneider spokesperson did not immediately answer a request for comment.

The controllers are common across a variety of industries - from gas to food production - but Robert Lee, the chief executive of cybersecurity firm Dragos, which helped uncover the malware, said researchers believed the hackers' intended targets were liquified natural gas and electric facilities.

In its alert, the Cybersecurity Agency urged critical infrastructure organizations, "especially energy sector organizations," to implement a series of recommendations aimed at blocking and detecting the malware.

Although the alert was vague - it did not say which hackers were believed to have developed the malware and gave no indication the malware had actually been used - it sent concern coursing across the industry.

Programmable logic controllers are embedded in a huge number of plants and factories and any interference with their operation has the potential to cause harm, from shutdowns to blackouts to chemical leaks, wrecked equipment or even explosions.

Lee said the tool developed by the mystery hackers was "highly capable" and had likely been in the works for several years.

"It is as dangerous as people are making it out to be," Lee said in an interview.

In a sign of how seriously the discovery was being taken, CISA said it was making its announcement alongside the Department of Energy, the National Security Agency, and the Federal Bureau of Investigation.

It thanked Dragos, Mandiant, Microsoft, Palo Alto Networks and Schneider Electric for their contributions to the alert.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
critical infrastructurecyber securitygridhackersomronrussiaschneidersecurityukraineukraine war

Sponsored Whitepapers

Planning before the breach: You can&#8217;t protect what you can&#8217;t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don&#8217;t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Defence calls in KPMG for mammoth data uplift

Defence calls in KPMG for mammoth data uplift
Mandatory cyber security incident reporting now in force

Mandatory cyber security incident reporting now in force
ASD to create cyber security hubs in three states

ASD to create cyber security hubs in three states
Macquarie Group creates new global head of engineering

Macquarie Group creates new global head of engineering

Digital Nation

Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
The other &#8216;CTO&#8217;: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre

Log In

  |  Forgot your password?