CISA Launches Webpage of Cyber-Intrusion Campaigns Targeting ICS

Today the Cybersecurity and Infrastructure Security Agency (CISA) launched a webpage with links to advisories and other reports on significant cyber-intrusion campaigns targeting industrial control systems (ICS). The first of the reports is new, providing details on a Chinese state-sponsored activity against U.S. oil and nature gas pipeline companies from 2011 to 2013. Despite the period of this activity, CISA notes the tactics, techniques, and procedures remain relevant to help network defenders protect against intrusions. The other advisories and reports concern historical and previously-disclosed incidents, including the information-stealing and destructive malware “Shamoon,” the ICS-focused malware “Havex,” and the “CrashOverrride” malware used against Ukrainian electricity infrastructure in 2016, among others. CISA urges critical infrastructure owners and operators to review the publications listed above and apply the necessary mitigations. It encourages critical infrastructure owners and operators to report cyber incidents to CISA. Access the webpage at CISA.