CISA, DOE, NSA, and FBI Publish Joint Advisory on APT Cyber Tools Targeting ICS/SCADA Devices

CISA, DOE, NSA, and FBI Publish Joint Advisory on APT Cyber Tools Targeting ICS/SCADA Devices


The Cybersecurity and Infrastructure Security Agency (CISA), Department of Energy (DOE), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. The devices include Schneider Electric programmable logic controllers (PLCs), Omron Sysmac NEX PLCs and Open Platform Communications Unified Architecture servers.

The Advisory provides technical details on how APT actors can leverage custom-made tools for targeting ICS/SCADA devices that enable them to scan for, compromise, and control affected devices. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an operational technology environment, and disrupt critical devices or functions.

DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to review the advisory for specific products affected, implement the detection and mitigation recommendations to detect potential malicious APT activity, and harden their ICS/SCADA devices

In addition to reviewing this CISA, DOE, NSA, and FBI joint advisory, CISA encourages critical infrastructure executives and senior leaders to review our “Shields Up” webpage at Also, organizations should share information about incidents and unusual activity with CISA’s 24/7 Operations Center at or (888) 282-0870.

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity & Infrastructure Security Agency
U.S. Department of Homeland Security
217-299-3954 |