ICS/SCADA Threat Advisory – Joint Cybersecurity Advisory Regarding Advanced Cyber Tools Targeting ICS/SCADA Devices
Created: Thursday, April 14, 2022 - 19:28
Given the current threat landscape and recent concerns about potential cyber attacks against critical infrastructure, members are highly encouraged to review the following Joint Cybersecurity Advisory on newly discovered custom attack tools designed to target ICS/SCADA devices, and to act on it accordingly. The advisory warns of tools created to cause damage to the following components:
- Schneider Electric MODICON and MODICON Nano PLCs, including (but possibly not limited to) TM251, TM241, M258, M238, LMC058, and LMC078;
- OMRON Sysmac NJ and NX PLCs, including (but possibly not limited to) NEX NX1P2, NX-SL3300, NX-ECC203, NJ501-1300, S8VK, and R88D-1SN10F-ECT; and
- OPC Unified Architecture (OPC UA) servers.
If your utility uses any of the aforementioned components, it is critical that you review and address this advisory as soon as possible. While these components are the first three that have been identified, there is speculation that other manufacturers and components could be impacted. All utilities are therefore encouraged to apply a risk-based approach to assessing this threat across their ICS/SCADA environments. These tools, which Mandiant and Dragos track as INCONTROLLER and PIPEDREAM respectively, are the seventh ICS-specific malware to be identified since Stuxnet.
