CISA Alert AA22-103A – APT Cyber Tools Targeting ICS/SCADA Devices.

The DOE, CISA, NSA, and the FBI are releasing this joint Cybersecurity Advisory to warn that certain APT actors have demonstrated the ability to gain full system access to multiple ICS/SCADA devices, including: Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers, and Open Platform Communications Unified Architecture servers. DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement the detection and mitigation recommendations provided in this CSA to detect potential malicious APT activity and harden their ICS/SCADA devices.

The DOE, CISA, NSA, and the FBI would like to thank Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric for their contributions to this joint CSA.

AA22-103A Alert, Technical Details, and Mitigations

Layering Network Security Through Segmentation

Stop Malicious Cyber Activity Against Connected Operational Technology

NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Dragos Report: CHERNOVITE’s PIPEDREAM Malware Targeting Industrial Control Systems

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.