The US is still on high alert for more cyberattacks against critical infrastructure. TechCrunchnotes the Cybersecurity and Infrastructure Security Agency, Energy Department, FBI and NSA have issued a warning that hackers have developed custom malware to hijack industrial control systems. Nicknamed Incontroller by Mandiant researchers, the "very likely" state-backed code breaches controllers from Omron and Schneider Electric that are frequently used for industrial automation.
Neither the government nor Mandiant attributed Incontroller to a particular country or hacking group. However, Mandiant said the malware's capabilities were "consistent" with Russia's past efforts and its "historical interest" in compromising industrial control systems. The software is complex enough to have required ample expertise to develop, researchers said, and it's not very useful for "financially motivated" hacks. One component, Tagrun, is a "reconnaissance" tool that provides a detailed look at control processes and production systems.
The alert's timing is difficult to ignore. It comes as Ukraine grapples with Russia's invasion, and recently foiled a cyberattack against an energy provider that was allegedly the work of Russian military operatives. The US Justice Department also indicted Russian government staff over years of energy sector attacks. The response also follows a year after a string of attacks against American infrastructure companies like Colonial Pipeline and JBS, although those were ransomware incidents more likely perpetrated by criminal groups.
Regardless of who's responsible, there's no direct protection against Incontroller at the moment. In their warning, US officials recommended common security measures such as multi-factor authentication and frequent password changes to minimize the chances of an intrusion. While it wouldn't be surprising to see companies deliver security fixes in the near future, there's still a practical risk that intruders could disrupt power grids, manufacturers and others that depend on the affected equipment.