“Since early 2022 Dragos has been analysing the PIPEDREAM toolset which is the seventh ever ICS specific malware. We track its developers as the threat group CHERNOVITE, which we assess with high confidence to be a state actor that developed the PIPEDREAM malware for use in disruptive or destructive operations against ICS. Specifically the initial targeting appears to be liquid natural gas and electric community specific. However, the nature of the malware is that it works in a wide variety of industrial controllers and systems.” said Robert M. Lee, CEO and Co-Founder of Dragos.
“The PIPEDREAM malware initially targets Schneider Electric and Omron controllers however there are not vulnerabilities specific to those product lines. PIPEDREAM takes advantage of native functionality in operations, making it more difficult to detect. It includes features such as the ability to spread from controller to controller and leverage popular ICS network protocols such as ModbusTCP and OPC UA.”
“Uniquely, this malware has not been employed in target networks. This provides defenders a unique opportunity to defend ahead of the attacks. While the malicious capability is sophisticated with a wide range of functionality, applying fundamental ICS cybersecurity practices such as having a defensible architecture, ICS specific incident response plan, and ICS network monitoring provide a robust defence against this threat.” said Lee.
