Advanced hackers have demonstrated the ability to take control of an array of devices that help run power stations and manufacturing plants, the U.S. government said in an alert issued on Wednesday, sounding the alarm over the potential for cyber spies to harm critical infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency said in a joint advisory with other government agencies that the hackers’ malicious software could affect a type of device called programmable logic controllers made by Schneider Electric SCHN.PA and OMRON Corp 6645.T.
OMRON did not immediately return a message seeking comment. A Schneider spokesperson did not immediately answer a request for comment.
The controllers are common across a variety of industries – from gas to food production – but Robert Lee, the chief executive of cybersecurity firm Dragos, which helped uncover the malware, said researchers believed the hackers’ intended targets were liquified natural gas and electric facilities.
In its alert, the Cybersecurity Agency urged critical infrastructure organizations, “especially Energy Sector organizations,” to implement a series of recommendations aimed at blocking and detecting the malware.
Although the alert was vague – it did not say which hackers were believed to have developed the malware and gave no indication the malware had actually been used – it sent concern coursing across the industry.
Programmable logic controllers are embedded in a huge number of plants and factories and any interference with their operation has the potential to cause harm, from shutdowns to blackouts to chemical leaks, wrecked equipment or even explosions.
Lee said the tool developed by the mystery hackers was “highly capable” and had likely been in the works for several years.
“It is as dangerous as people are making it out to be,” Lee said in an interview.
Western cybersecurity officials are already on edge over Russia’s invasion of Ukraine, which has recently seen the deployment of malware aimed at causing electrical outages.
In a sign of how seriously the discovery was being taken, CISA said it was making its announcement alongside the Department of Energy, the National Security Agency, and the Federal Bureau of Investigation.
It thanked Dragos, Mandiant, Microsoft, Palo Alto Networks and Schneider Electric for their contributions to the alert.
(Reporting by Christopher Bing and Raphael Satter in Washington and James Pearson in London; additional reporting by Matthieu Protard in Paris; Editing by Leslie Adler)