CISA Alert AA22-103A – APT Cyber Tools Targeting ICS/SCADA Devices.
The DOE, CISA, NSA, and the FBI are releasing this joint Cybersecurity Advisory to warn that certain APT actors have demonstrated the ability to gain full system access to multiple ICS/SCADA devices, including: Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers, and Open Platform Communications Unified Architecture servers. DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement the detection and mitigation recommendations provided in this CSA to detect potential malicious APT activity and harden their ICS/SCADA devices.
The DOE, CISA, NSA, and the FBI would like to thank Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric for their contributions to this joint CSA.
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at firstname.lastname@example.org or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.