Incontroller

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Incontroller is a highly sophisticated malware platform capable of attacking industrial control systems (ICS). It was discovered in early 2022 and is believed to have been developed by a state actor, with the group Chernovite suspected of being behind its creation. The malware, also referred to as Pipedream by cybersecurity firm Dragos, poses a significant threat to ICS operations. It was detected before it was fully employed, indicating that the attackers were close to initiating their plan but were intercepted in time. The Incontroller malware is part of a growing trend of ICS-specific malicious software, demonstrating an increased interest from attackers in these environments. Other notable examples include the BlackEnergy malware used by Russian threat actors to disrupt Ukraine's power grid in 2016, and the Triton/Trisis attack on a Schneider safety system at a Saudi Arabian petrochemical plant. Incontroller, specifically, targets Programmable Logic Controllers (PLCs) from Schneider and Omron, and one of its methods involves exploiting a critical hardcoded credentials issue, known as CVE-2022-34151, to access Omron PLCs. Recent discoveries highlight the continued evolution of such threats, with Industroyer2 and Incontroller found last year, and CosmicEnergy first seen this year. These developments underscore the escalating risks to ICS environments and the need for robust cybersecurity measures. Robert M. Lee, the CEO and co-founder of Dragos, emphasized the near-success of the attackers during a press briefing, illustrating the urgency and seriousness of these threats.
What's your take? (Question 1 of 2)
b820603d-83a5-4575-914e-ffc793cb0589 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Pipedream
2
Pipedream, a highly sophisticated malware discovered in 2022, has been designed specifically to infiltrate and control Industrial Control Systems (ICS). Unlike previous ICS-specific malware that was limited to particular industrial segments, Pipedream exhibits versatility across various sectors. It
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ics
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Incontroller Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CSO Online
a year ago
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
DARKReading
a year ago
CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure
DARKReading
3 months ago
Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure
BankInfoSecurity
6 months ago
Ukraine Tracks a Record Number of Cyber Incidents During War
CERT-EU
8 months ago
Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis