On April 14, 2022, the US DHS CISA and other US Government agencies published a joint cybersecurity advisory on APT cyber tools targeting ICS/SCADA devices. According to the advisory, these tools enable APT actors to scan for, compromise, and control affected devices once they’ve established initial access to the ICS/OT network.
In addition, one of the tools listed can be used to compromise Windows-based engineering workstations, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS devices, threat groups could elevate privileges, move laterally within a network, and eventually disrupt critical devices or functions.
The purpose of this brief is to advise Radiflow customers and partners using its iSID industrial threat detection system on how to detect various Indicators of Compromise (IOCs) of these advanced attack tools.