” href=”https://www.law360.com/cybersecurity-privacy/articles/1484014?utm_source=rss&utm_medium=rss&utm_campaign=section#”>Dave Simpson Law360 (April 13, 2022, 10:50 PM EDT) — Skilled hackers have shown the capability of taking full control of numerous key U.S. infrastructure systems, including those in the energy and manufacturing sector, according to a Wednesday cybersecurity alert from several federal agencies.
The report from the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation claims that these advanced hackers have created custom tools for targeting such systems.
The agencies urged “critical infrastructure organizations, especially energy sector organizations,” to implement the detection and mitigation recommendations addressed in the alert to detect potential malicious threats and harden their industrial control system and supervisory control and data acquisition devices.
The report includes technical explanations as to how these organizations might combat cyberattacks aimed at systems like Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers and Open Platform Communications Unified Architecture servers.
Using the custom tools, the hackers could disrupt critical systems and functions, the agencies said in the report.
“The tools enable them to scan for, compromise and control affected devices once they have established initial access to the operational technology network,” the report said. “Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology or [operational technology] environments, using an exploit that compromises an