Incontrol login

5/29/2023

In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools, which we call INCONTROLLER (aka PIPEDREAM), built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. INCONTROLLER is very likely state sponsored and contains capabilities related to disruption, sabotage, and potentially physical destruction.

INCONTROLLER represents an exceptionally rare and dangerous cyber attack capability. It is comparable to TRITON, which attempted to disable an industrial safety system in 2017; INDUSTROYER, which caused a power outage in Ukraine in 2016; and STUXNET, which sabotaged the Iranian nuclear program around 2010.

To help asset owners find and defend against INCONTROLLER, we have included a range of mitigations and discovery methods throughout this report. As future modifications to these tools are likely, we believe behavior-based hunting and detection methods will be most effective.

If you need support responding to related activity, please contact Mandiant Consulting. Further analysis of related threats is available as part of Mandiant Advantage Threat Intelligence. This report is related to information shared in CISA Alert (AA22-103A).