[USA] Government agencies warn of new malware with implications for critical infrastructure

On April 13, 2022, the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) warning of newly discovered malware targeting the systems that control electricity and natural gas infrastructure.[1] The CSA said the new malware has a modular architecture and is able to conduct highly automated attacks against critical infrastructure. The CSA warns that it could enable lower-skilled cyber actors to emulate higher-skilled capabilities. The malware has a wide range of uses, including initial infiltration, reconnaissance, uploading malicious configuration or code to the targeted device, backing up or restoring device contents, and modifying device parameters.

In the announcement, the government agencies urged critical infrastructure companies, particularly those in the energy sector, to implement the CSA’s detection and mitigation recommendations. These recommendations include enforcing multifactor authentication for remote access and having a cyber incident response plan. The government announcement credited Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric SE with helping to discover and analyze the malware. Cybersecurity firms Dragos and Mandiant have also published their own respective reports on the malware.

[1] https://www.cisa.gov/uscert/ncas/alerts/aa22-103a