The U.S. Department of Homeland Security issued an updated alert last week stating that a variant of the BlackEnergy malware had infiltrated the SCADA systems that control critical infrastructure, including oil and gas pipelines, water distribution systems and the power grid.
ABC News reported that national security experts believe hackers sponsored by the Russian government are responsible. Although the advisory was updated recently, the campaign may stretch back to at least 2011.
The alert from the Department of Homeland Security's Industrial Control System Cyber Emergency Response Team, or ICS-CERT, noted that the malware was detected, but so far, experts have “not identified any attempts to damage, modify, or otherwise disrupt the victim systems’ control processes.” DHS sources told ABC News that placing the malware but not using it could be a threat geared to deter a U.S. cyberattack on Russian systems.
The report goes on to say that the likely initial infection was through systems running GE’s Cimplicity. The malware has also targeted Advantech/BroadWin WebAccess and Siemens' WinCC. Other vendors may also be affected. The vendors that have been identified have provided patches or are in the process of providing updates, according to EETimes.
This is not the first time, nor likely the last, that foreign actors have targeted industrial control systems. In 2012, Schneider Electric’s SCADA system was hacked by a Chinese group, according to experts.
The current hack on SCADA systems is thought to be part of Sandworm, the broader campaign that targeted Microsoft systems used by European governments and institutions.
In an attempt to stay one step ahead of such attacks, the majority of the billions of dollars being spent by utilities on cybersecurity is aimed at control systems and SCADA networks, according to a number of recent surveys.
The ICS-CERT alert was first issued on the cusp of November, which DHS has declared Critical Infrastructure Security and Resilience Month. One of the key activities undertaken during the observance, according to DHS, is bringing together stakeholders to find a more comprehensive approach to securing critical infrastructure.