Pipedream

Malware Profile Updated 2 months ago
Download STIX
Preview STIX
Pipedream, a highly sophisticated malware discovered in 2022, has been designed specifically to infiltrate and control Industrial Control Systems (ICS). Unlike previous ICS-specific malware that was limited to particular industrial segments, Pipedream exhibits versatility across various sectors. It represents a significant escalation in capabilities, with the ability to natively interact with a wide range of ICS devices from different vendors. This advanced functionality makes Pipedream one of the most potent threats to critical infrastructure firms, including those operating in electric grids, oil and gas pipelines, and manufacturing plants. The U.S. cybersecurity officials revealed the existence of Pipedream last year, highlighting its potential for attacking ICS. However, the technical details about the program remained scant, leaving researchers and operators with limited information on how to combat it. The malware toolkit has been associated with the Russian Advanced Persistent Threat (APT) group, which has leveraged several VPN clients for data exfiltration using implants like CredoMap, Mockbin, and the Pipedream service itself. Notably, there is currently no patch available to prevent Pipedream infiltration, necessitating a greater focus on detection and response strategies to mitigate the risk of compromise. The revelation of Pipedream allowed industrial and critical infrastructure firms time to scrutinize their systems for evidence of the malware. Despite the installation of Pipedream in an unnamed system, the threat actors, known as Chernovite, did not initiate the attack, indicating they were not ready to "pull the trigger." Experts warn that Chernovite continues to work on Pipedream, predicting eventual deployment on a victim's network. As such, the unique cross-industry disruptive potential of Pipedream underscores the pressing need for enhanced security measures across all industrial control environments.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Incontroller
2
Incontroller is a highly sophisticated malware platform capable of attacking industrial control systems (ICS). It was discovered in early 2022 and is believed to have been developed by a state actor, with the group Chernovite suspected of being behind its creation. The malware, also referred to as P
Industroyer
1
Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The ma
Badomen
1
BadOmen is a sophisticated malware that was discovered by Dragos to exploit the CVE-2022-34151 vulnerability in order to interact with an HTTP server on targeted Omron NX/NJ controllers. This malicious software, which is part of Pipedream's components, has the potential to wreak havoc by manipulatin
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ics
Ransomware
Dragos
Apt
Implant
Industrial
Vpn
Russia
Linux
Securityweek
Vulnerability
Exploit
State Sponso...
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
StuxnetUnspecified
1
Stuxnet is a notorious malware, known for its role in one of history's most infamous Advanced Persistent Threat (APT) attacks. Co-developed by the United States and Israel, this military-grade cyberweapon was specifically designed to target Iran's nuclear enrichment facility at Natanz in 2010. The S
CredomapUnspecified
1
CredoMap is a type of malware, malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the potential to steal personal information, disrupt operations, or even
CrashoverrideUnspecified
1
CrashOverride, also known as Industroyer, is a notorious malware that was leveraged in 2016 to disrupt Ukraine's power grid at the transmission substation level. This malicious software, believed to be state-sponsored by Russia, manipulated Industrial Control Systems (ICS) equipment through the abus
Industroyer2Unspecified
1
Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group, Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
HavexUnspecified
1
Havex, also known as Dragonfly or the Energetic Bear RAT, is a prominent threat actor in the cybersecurity landscape. Spotted initially in 2013, Havex was part of a broad industrial espionage campaign. The threat actors behind Havex utilized various techniques to infect their targets, including phis
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2022-34151Unspecified
1
None
Source Document References
Information about the Pipedream Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
8 months ago
Revival of Medley/Interlisp: Elegant weapon gets sharpened
CERT-EU
8 months ago
Researchers want more detail on industrial control system alerts
CERT-EU
9 months ago
Several French critical networks subjected to Russian APT attacks
CERT-EU
9 months ago
Four Key Cybersecurity Trends For Industrial Companies
CERT-EU
a year ago
Build OT Skills in Cybersecurity Teams | Dragos
CERT-EU
a year ago
Few companies have visibility into their ICS/OT networks: Report | IT World Canada News
CERT-EU
9 months ago
Executive Insights into Manufacturing Cybersecurity with Rockwell Automation and DragosWebinar. | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
10 months ago
Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis
CERT-EU
10 months ago
DHS warns of malicious AI use against critical infrastructure
CERT-EU
a year ago
Search | arXiv e-print repository
CSO Online
a year ago
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
CERT-EU
a year ago
Electrical Grid Stability Relies on Balancing Digital Substation Security
CERT-EU
a year ago
How Cybercriminals Could Attack You: Threat Scenarios Facing Manufacturers
CERT-EU
a year ago
Links 23/02/2023: Transmission 4.0.1 and Ubuntu 22.04.2 LTS
CERT-EU
a year ago
Industrial Control Systems Hardening at the Network, Endpoint, and Protocol Level Imperative
CERT-EU
a year ago
Rockwell Automation exploit spurs fears of critical infrastructure security
BankInfoSecurity
a year ago
Dutch Critical OT Systems Vulnerable to Hacks
CERT-EU
a year ago
Robert M. Lee, CEO and Co-founder | Dragos
DARKReading
10 months ago
A Brief History of ICS-Tailored Attacks
CERT-EU
a year ago
Cyberattacks on Industrial Control Systems Jumped in 2022