The public notice from the Departments of Energy and Homeland Security and the FBI did not name the actors or provide details about the finding. However, their private partners in cybersecurity said the evidence suggested that Russia was behind the tools – and that they were designed to target North America’s energy concerns first.

One of the cybersecurity companies involved, Mandiant, said in a report that the tools’ functionality was “consistent with the malware used in Russia’s previous physical attacks”, although it acknowledged that the evidence linking it to Moscow was “to a large extent occasionally”. It called the tools “extremely rare and dangerous”.

Another government partner, Robert M Lee of Dragos, agreed that a state actor almost certainly made the malware, which he said was designed to initially target liquefied natural gas and electricity facilities in North America. Lee referred questions about the identity of the state actor to the US government and would not explain how the malware was discovered except to say that it was caught “before an attack”. “We are actually one step ahead of the opponent. None of us want to know where they went wrong.” “Great victory.”

The Cybersecurity and Infrastructure Security Agency (CISA), which issued the warning, declined to identify the threat. The U.S. government has warned vital infrastructure companies that they may face possible cyber-attacks by Russia in retaliation for the harsh economic sanctions imposed on Moscow in response to its February 24 invasion of Ukraine. Officials said the Russian hackers’ interest in the US energy sector was particularly high, and CISA urged the sector in a statement on Wednesday to pay particular attention to the mitigation measures recommended in the alert. Last month, the FBI issued a warning saying Russian hackers had scanned at least five unnamed energy companies for vulnerabilities.

Lee said the malware “was designed to be a framework to follow many different types of industries and be exploited multiple times. Based on its configuration, the initial targets would be LNG and electricity in North America.”

Mandiant said the tools posed the greatest threat to Ukraine, NATO members and other states helping Kyiv defend itself against Russian military aggression. It said the malware could be used to shut down critical machines, undermine industrial processes and disable security controllers, leading to physical destruction of machines that could lead to loss of human lives. It compared the tools to Triton, a malware found at a Russian government research institute targeting critical security systems that twice forced the emergency shutdown of a Saudi oil refinery in 2017, and to Industroyer, the malicious software exploited by hackers last year to activate power outages in Ukraine.

Lee said the recently discovered malware, called Pipedream, is only the seventh such malware to be detected that is designed to attack industrial control systems. Lee said Dragos, which specializes in protecting industrial control systems, identified and analyzed its capabilities in early 2022 as part of its routine business research and in collaboration with partners. It would not offer more details.

In addition to Dragos and Mandiant, the US government warning thanks Microsoft, Palo Alto Networks and Schneider Electric for their contributions. Schneider Electric is one of the manufacturers mentioned in the alert whose equipment is targeted by the malware. Omron is another. Mandiant said it had analyzed the tools in early 2002 with Schneider Electric.

In a statement, Palo Alto Networks executive Wendi Whitmore said: “We have been warning for years that our critical infrastructure is under constant attack. Today’s alerts indicate in detail how sophisticated our opponents have become.” Microsoft had no comment.