Incontroller

Incontroller is a highly sophisticated malware platform capable of attacking industrial control systems (ICS). It was discovered in early 2022 and is believed to have been developed by a state actor, with the group Chernovite suspected of being behind its creation. The malware, also referred to as Pipedream by cybersecurity firm Dragos, poses a significant threat to ICS operations. It was detected before it was fully employed, indicating that the attackers were close to initiating their plan but were intercepted in time. The Incontroller malware is part of a growing trend of ICS-specific malicious software, demonstrating an increased interest from attackers in these environments. Other notable examples include the BlackEnergy malware used by Russian threat actors to disrupt Ukraine's power grid in 2016, and the Triton/Trisis attack on a Schneider safety system at a Saudi Arabian petrochemical plant. Incontroller, specifically, targets Programmable Logic Controllers (PLCs) from Schneider and Omron, and one of its methods involves exploiting a critical hardcoded credentials issue, known as CVE-2022-34151, to access Omron PLCs. Recent discoveries highlight the continued evolution of such threats, with Industroyer2 and Incontroller found last year, and CosmicEnergy first seen this year. These developments underscore the escalating risks to ICS environments and the need for robust cybersecurity measures. Robert M. Lee, the CEO and co-founder of Dragos, emphasized the near-success of the attackers during a press briefing, illustrating the urgency and seriousness of these threats.