The world’s most advanced industrial malware, PIPEDREAM, could be hiding within critical infrastructure control systems ready to unleash its “wartime capabilities,” a management consultancy has warned.
In a post published this week, global business advisory firm Ankura Consulting Group said a worrying aspect of PIPEDREAM, developed by the Russian-linked threat group Chernovite, is its immunity to patching.
“This new-age malware is so dangerous because, in order to alienate the threat, you must fix the whole system rather than simply patching the software vulnerability, a feat that is much more costly, impractical, and time-consuming.”
In a recent report, industrial cybersecurity firm Dragos said the emergence of PIPEDREAM amounted to “a breakthrough escalation in capabilities” for hacking groups targeting industrial control systems (ICS).
“PIPEDREAM is the first reusable cross-industry capability that impacts native functionality in industrial protocols and a wide variety of devices,” the company wrote.
PIPEDREAM was first identified in early 2022, and Ankura said that while there had been no known deployments of the malware in the wild, that did not mean it was not a risk.
“Malware could still be sitting stealthily in ICS devices waiting to be executed or newer, more dangerous versions could be in development. If PIPEDREAM or malware with similar capabilities was deployed against a country’s critical infrastructure, it could result in blackouts, the inaccessibility of water systems, hazardous conditions at nuclear sites, and more.”
In February, Politico reported Dragos CEO Robert M. Lee saying Chernovite had attempted to use PIPEDREAM