Incontroller

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

Incontroller is a highly sophisticated malware platform capable of attacking industrial control systems (ICS). It was discovered in early 2022 and is believed to have been developed by a state actor, with the group Chernovite suspected of being behind its creation. The malware, also referred to as Pipedream by cybersecurity firm Dragos, poses a significant threat to ICS operations. It was detected before it was fully employed, indicating that the attackers were close to initiating their plan but were intercepted in time. The Incontroller malware is part of a growing trend of ICS-specific malicious software, demonstrating an increased interest from attackers in these environments. Other notable examples include the BlackEnergy malware used by Russian threat actors to disrupt Ukraine's power grid in 2016, and the Triton/Trisis attack on a Schneider safety system at a Saudi Arabian petrochemical plant. Incontroller, specifically, targets Programmable Logic Controllers (PLCs) from Schneider and Omron, and one of its methods involves exploiting a critical hardcoded credentials issue, known as CVE-2022-34151, to access Omron PLCs. Recent discoveries highlight the continued evolution of such threats, with Industroyer2 and Incontroller found last year, and CosmicEnergy first seen this year. These developments underscore the escalating risks to ICS environments and the need for robust cybersecurity measures. Robert M. Lee, the CEO and co-founder of Dragos, emphasized the near-success of the attackers during a press briefing, illustrating the urgency and seriousness of these threats.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Pipedream	2	Pipedream, a highly sophisticated malware discovered in 2022, has been designed specifically to infiltrate and control Industrial Control Systems (ICS). Unlike previous ICS-specific malware that was limited to particular industrial segments, Pipedream exhibits versatility across various sectors. It
Cosmicenergy	1	CosmicEnergy is a form of malware allegedly originating from Russia that targets industrial control systems, specifically those associated with electrical grids. Unlike other forms of malware, CosmicEnergy lacks the built-in functionality to autonomously discover and identify target systems within a
Industroyer2	1	Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group, Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Ics

Securityweek

Dragos

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
BlackEnergy	Unspecified	1	BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2022-34151	Unspecified	1	None

Source Document References

Information about the Incontroller Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
DARKReading	5 months ago	Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure
CSO Online	a year ago	Attacks on industrial infrastructure on the rise, defenses struggle to keep up
BankInfoSecurity	8 months ago	Ukraine Tracks a Record Number of Cyber Incidents During War
CERT-EU	10 months ago	Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis
DARKReading	a year ago	CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure