Advisory on APT Cyber Tools Targeting ICS/SCADA Devices
The Cybersecurity and Infrastructure Security Agency (CISA), Department of Energy (DOE), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. The devices include Schneider Electric programmable logic controllers (PLCs), Omron Sysmac NEX PLCs and Open Platform Communications Unified Architecture (OPC UA) servers.
The Advisory provides technical details on how APT actors can leverage custom-made tools for targeting ICS/SCADA devices that enable them to scan for, compromise, and control affected devices. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an operational technology (OT) environment, and disrupt critical devices or functions.
DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to review the advisory for specific products affected, implement the detection and mitigation recommendations to detect potential malicious APT activity, and harden their ICS/SCADA devices
In addition to reviewing this CISA, DOE, NSA, and FBI joint advisory, CISA encourages critical infrastructure executives and senior leaders to review our “Shields Up” webpage at www.cisa.gov/shields-up. Also, organizations should share information about incidents and unusual activity with CISA’s 24/7 Operations Center at firstname.lastname@example.org or (888) 282-0870.