Date: 2015-04-22

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit.

The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices.

"The APT actors' tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. Modules interact with targeted devices, enabling operations by lower-skilled cyber actors to emulate higher-skilled actor capabilities," the joint advisory reads.

"The APT actors can leverage the modules to scan for targeted devices, conduct reconnaissance on device details, upload malicious configuration/code to the targeted device, back up or restore device contents, and modify device parameters."

ICS/SCADA devices at risk of being compromised and hijacked include:

Schneider Electric MODICON and MODICON Nano programmable logic controllers (PLCs)

Omron Sysmac NJ and NX PLCs, and

Open Platform Communications Unified Architecture (OPC UA) servers

DOE, CISA, NSA, and the FBI also found that state-sponsored hackers have malware that exploits CVE-2020-15368 to target Windows systems with ASRock motherboards, execute malicious code, and move laterally to, and disrupt, IT or OT environments.