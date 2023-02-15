



While the US government revealed last year that new malware called PIPEDREAM was capable of infiltrating US industrial control systems in several key sectors, Lee’s comments suggest the danger was more acute than officials had believed. His account offers a new picture of how vulnerable the United States’ energy supply is to a crippling cyberattack, a possibility that had caused widespread concern during the build-up to Russian President Vladimir Putin’s invasion in February 2022.

Lee described the malware as a state-level warfare capability. He did not say if the malware had actually been installed in the targeted networks or if the hackers were about to break into the systems.

Although Dragos does not link hacking groups to nation states as a policy, other security researchers have said that the PIPEDREAM malware used by Chernovite is likely linked to Russia.

The United States announced the discovery of the dangerous malware in April 2022, just three weeks after President Joe Biden warned that Russia was exploring options for potential cyberattacks against the United States and urged critical infrastructure groups to step up their security efforts.

Lee said Dragos worked with partners including the Cybersecurity and Infrastructure Security Agency, the Department of Energy, the FBI and the National Security Agency to prevent something from entering US soil that was going to be disruptive in nature.

“I don’t use those words lightly, not trying to exaggerate anything, but the state actor responsible for this, there’s no way it’s not their package of choice to actually be able to do fall infrastructure,” Lee said.

A CISA spokesperson declined to comment on the impact of the malware, and the other three agencies did not respond to requests for comment. When first announcing the discovery of the malware, the agencies said in a joint alert that some advanced persistent threat actors were using new tools to impact multiple types of industrial control systems.

According to Dragos, PIPEDREAM is the first malware of its kind that can be used against a variety of industrial control systems rather than being designed to disrupt one specific system, which makes it particularly dangerous. The malware also does not enter systems through patchable vulnerabilities, which makes it very difficult to defend against.

“You could increase temperatures, you could have dangerous conditions in a plant,” Lee said of the impact using PIPEDREAM could have. “There is no need to exploit anything, there is no need to find a vulnerability when a capability is already built into the factory for the factory environments to work.”

Lee told reporters he believed that since the PIPEDREAM malware hadn’t been successfully used against any US infrastructure, the security community quickly outgrew it, but there was more to come from these hackers.

“Chernovite is still active, so we assess with great confidence that they are still active and working on this framework and expect to see it deployed in the future,” Lee said.

