Mandiant warns of Incontroller ICS malware

GUEST RESEARCH: Mandiant has published new research on a set of “exceptionally rare and dangerous cyber attack” tools, called Incontroller.

Mandiant’s full research, along with a range of mitigation and discovery recommendations for organisations, can be read here.

Incontroller includes three tools that enable the attacker to send instructions to a variety of industrial control system (ICS) devices embedded in different types of machinery across various critical industries (e.g. power plants, milling machines, and industrial press machines used in many different manufacturing sectors). It is feasible that each tool could be used independently, or the actor may use the three tools to attack a single environment.

They can be used to:

· Shut down critical machinery
· Sabotage industrial processes
· Disable safety controllers to cause physical destruction of machinery that could potentially lead to the loss of human lives

The company notes the functionality of Incontroller “is consistent with the malware used in Russia’s prior cyber physical attacks.”

As a result, Mandiant’s experts believe “Incontroller poses the greatest threat to Ukraine, NATO member states, and other states actively responding to Russia’s invasion of Ukraine.”

Mandiant director of intelligence analysis Nathan Brubaker said “Mandiant, in partnership with Schneider Electric, recently analysed a set of novel ICS-oriented attack tools – which we call Incontroller – built to target specific Schneider Electric and Omron devices that are embedded in different types of machinery leveraged across multiple industries. Incontroller represents an exceptionally rare and dangerous cyber attack capability, following Stuxnet, Industroyer, and Triton as the fourth ever attack-oriented ICS malware.

“Incontroller is very likely state-sponsored and contains capabilities related to disruption, sabotage, and potentially physical destruction. While we are unable to definitively attribute the malware, we note that the activity is consistent with Russia’s historical interest in ICS. Incontroller poses a critical risk to organizations leveraging the targeted and affected devices. Organizations should take immediate action to determine if the targeted ICS devices are present in their environments and begin applying vendor-specific countermeasures, discovery methods, and hunting tools.”

Mandiant began conducting its analysis on Incontroller in early 2022, in partnership with Schneider Electric.

Incontroller is comparable to Triton, which attempted to disable an industrial safety system in 2017; Industroyer, which caused a power outage in Ukraine in 2016; and Stuxnet, which sabotaged the Iranian nuclear program around 2010.

Mandiant is also tracking two additional tools that may be related to this threat activity that are affecting Windows-based systems. It is possible that these tools could be used to support the overall attack lifecycle in an Incontroller attack by exploiting Windows-based systems in IT or operational technology (OT) environments.

