US federal alert warns of the discovery of malicious cyber tools

The CEO of another government partner, Robert M Lee of Dragos, agreed that a state actor almost certainly crafted the malware, which he said was configured to initially target liquified natural gas and electric power sites in North America.

The Cybersecurity and Infrastructure Security Agency (CISA), which published the alert, declined to identify the threat actor.

The US government has warned critical infrastructure industries to gird for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its 24 February invasion of Ukraine.

Officials have said that Russian hacker interest in the US energy sector is particularly high, and CISA urged in a statement Wednesday to be especially mindful of the mitigation measures recommended in the alert. Last month, the FBI issued an alert saying Russian hackers have scanned at least five unnamed energy companies for vulnerabilities.

Mandiant said the tools pose the greatest threat to Ukraine, Nato members and other states assisting Kyiv in its defense against Russian military aggression.

It said the malware could be used to shut down critical machinery, sabotage industrial processes and disable safety controllers, leading to the physical destruction of machinery that could lead to the loss of human lives. It compared the tools to Triton, malware traced to a Russian government research institute that targeted critical safety systems and twice forced the emergency shutdown of a Saudi oil refinery in 2017 and to Industroyer, the malware that Russian military hackers used the previous year to trigger a power outage in Ukraine.

Lee said the newly discovered malware, dubbed Pipedream, is only the seventh such malicious software to be identified that is designed to attack industrial control systems.

Lee said Dragos, which specializes in industrial control system protection, identified and analyzed its capability in early 2022 as part of its normal business research and in collaboration with partners.

He would offer no more specifics. In addition to Dragos and Mandiant, the US government alert offers thanks to Microsoft, Palo Alto Networks and Schneider Electric for their contributions.

Schneider Electric is one of the manufacturers listed in the alert whose equipment is targeted by the malware. Omron is another.

Mandiant said it had analyzed the tools in early 2022 with Schneider Electric.

Microsoft had no comment.