U.S. says advanced hackers have shown ability to hijack critical infrastructure

Warning sign is seen with transfer lines at Dominion Cove Point Liquefied Natural Gas terminal in Maryland
A warning sign at the perimeter of a transfer line area is seen at the Dominion Cove Point Liquefied Natural Gas (LNG) terminal in Lusby, Maryland March 18, 2014. REUTERS/Gary Cameron

WASHINGTON, April 13 (Reuters) - Advanced hackers have shown they can take control of an array of devices that help run power stations and manufacturing plants, the U.S. government said in an alert on Wednesday, warning of the potential for cyber spies to harm critical infrastructure.

The U.S. Cybersecurity and Infrastructure Security Agency and other government agencies issued a joint advisory saying the hackers' malicious software could affect a type of device called programmable logic controllers made by Schneider Electric (SCHN.PA) and OMRON Corp (6645.T).

OMRON did not immediately return a message seeking comment. A Schneider spokesperson confirmed it had worked with U.S. officials to defend against the hackers, calling it "an instance of successful collaboration to deter threats on critical infrastructure before they occur."

The controllers are common across a variety of industries - from gas to food production plants - but Robert Lee, chief executive of cybersecurity firm Dragos, which helped uncover the malware, said researchers believed the hackers' intended targets were liquefied natural gas and electric facilities.

In its alert, the Cybersecurity Agency urged critical infrastructure organizations, "especially Energy Sector organizations," to implement a series of recommendations aimed at blocking and detecting the cyber weapon, named Pipedream.

Although the government warning was vague - it did not say which hackers were behind the malware or if it had actually been used - it sent concern coursing across the industry.

In a sign of how seriously the discovery was being taken, CISA said it was making its announcement alongside the Energy Department, the National Security Agency and the FBI.

Programmable logic controllers, or PLCs, are embedded in a huge number of plants and factories and any interference with their operation has the potential to cause harm, from shutdowns to blackouts to chemical leaks, wrecked equipment or even explosions.

Lee said the tool developed by the mystery hackers was "highly capable" and had likely been in the works for several years.

"It is as dangerous as people are making it out to be," Lee said in an interview.

Western cybersecurity officials are already on edge over Russia's invasion of Ukraine and the deployment of malware aimed at causing electrical outages.

Sergio Caltagirone, Dragos' vice president of threat intelligence, said Pipedream could be understood as a "toolbox" of different hacking tools. Each component offers a different way to subvert normal controls, giving the hackers a variety of options to launch attacks.

For example, Caltagirone said that one of the tools within Pipedream would have allowed the attackers to damage Schneider Electric's PLC in such a way that it would need to be entirely replaced.

"Because of existing supply chain challenges it could take longer to get replacement controllers after such an attack," Caltagirone said. "What this means is a liquefied natural gas facility might be out of commission for months."

Reporting by Christopher Bing and Raphael Satter in Washington and James Pearson in London; additional reporting by Matthieu Protard in Paris; Editing by Leslie Adler and Howard Goller

Our Standards: The Thomson Reuters Trust Principles.

Thomson Reuters

Award-winning reporter covering the intersection between technology and national security with a focus on how the evolving cybersecurity landscape affects government and business.

Thomson Reuters

Reporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.