PIPEDREAM Malware
The US Department of Energy (DOE), CISA, the NSA and the FBI released a joint cybersecurity advisory warning about attack operations carried out by government-backed APT (Advanced Persistent Threat) groups and aimed at critical industrial devices. The custom-built modular malware strains were reported as being able to scan for and compromise ICS (industrial control systems) and SCADA (Supervisory Control And Data Acquisition) devices.
One such malware threat is tracked as PIPEDREAM by the industrial cybersecurity firm Dragos and as INCONTROLLER by Mandiant. The strain was discovered by infosec researchers before it was used in active attack campaigns, giving potential victims the unprecedented chance to establish appropriate countermeasures. According to Dragos, PIPEDREAM was developed by a threat actor they track as the CHERNOVITE Activity Group (AG) and is the seventh ICS-centered malware ever to be identified.
The PIPEDREAM malware is capable of manipulating a wide range of industrial Programmable Logic Controllers (PLCs) and industrial software from vendors such as Omron and Schneider Electric. It can also impact commonly used industrial technologies including CODESYS, OPC UA and Modbus. In practice, this means that PIPEDREAM can affect a significant portion of the industrial assets around the world. According to Mandiant, the threat's impact could be comparable to that of previously identified malware strains such as TRITON, used in 2017 in an attempt to disable an industrial safety system; Industroyer, which caused a power outage in Ukraine in 2016; and STUXNET, which in 2010 was used to sabotage the Iranian nuclear program.