{"id":21647,"date":"2022-04-14T17:34:01","date_gmt":"2022-04-14T17:34:01","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=21647"},"modified":"2023-07-27T15:14:59","modified_gmt":"2023-07-27T15:14:59","slug":"critical-infrastructure-ics-scada-under-attack","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/","title":{"rendered":"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups"},"content":{"rendered":"<p><a href=\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\">Critical infrastructure<\/a>, industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers.<\/p>\n<p>CERT-UA (Computer Emergency Response Team of Ukraine) <a href=\"https:\/\/cert.gov.ua\/article\/39518\" target=\"_blank\" rel=\"noopener\">reported<\/a> a major attack on Ukrainian energy infrastructure last week. Researchers at ESET and Microsoft collaborated with CERT-UA to analyze the attacks and discovered evidence of a new variant of a known <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware-types\/\">malware<\/a>.<\/p>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/mitre-endpoint-security-results\/\">Sandworm<\/a>, the <a href=\"https:\/\/www.esecurityplanet.com\/threats\/advanced-persistent-threat\/\">advanced persistent threat (APT)<\/a> group associated with the attack, attempted to disrupt high-voltage electrical substations, probably to destabilize critical energy infrastructures. 
The state-sponsored group used a new version of the malware \u201cIndustroyer,\u201d dubbed \u201cIndustroyer2\u201d (or \u201cIndustroyer reloaded\u201d), that focuses on disk-wiping and data destruction.<\/p>\n<p>They wrote advanced destructor scripts in Bash to erase traces of the attack and make the system unrecoverable. The ultimate objective was &#8220;decommissioning of several infrastructural elements,&#8221; according to CERT-UA.<\/p>\n<p>While the CERT team declared that &#8220;the implementation of the malicious plan has so far been prevented,&#8221; the incident adds to the <a href=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\">heightened state of alert<\/a> that&#8217;s been in place since Russia&#8217;s imminent attack against Ukraine became apparent.<\/p>\n<p>U.S. cybersecurity agencies yesterday <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/04\/13\/apt-actors-target-icsscada-devices\" target=\"_blank\" rel=\"noopener\">encouraged<\/a> U.S. critical infrastructure organizations to be on alert for similar threats against ICS\/SCADA systems and to review recommended mitigations to prevent attacks.<\/p>\n<p>Indeed, Sandworm&#8217;s tactics and procedures can be used to take down energy companies anywhere in the world, including U.S. and European facilities.<\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\">SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats<\/a><\/p>\n<h2><strong>Latest Sandworm Attack Against Ukraine<\/strong><\/h2>\n<p>The Sandworm APT group has been behind a number of destructive attacks, <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware-behind-ukraine-blackout-analyzed\/\">especially against Ukraine&#8217;s power grid<\/a>. 
For example:<\/p>\n<ul>\n<li>2015: Sandworm cut the power grid in Ukraine for several hours with a malware called \u201cBlackEnergy\u201d<\/li>\n<li>Late 2016: Ukraine blamed Russian security services for thousands of cyber attacks against its infrastructure<\/li>\n<li>December 2016: Sandworm used Industroyer1 for a power outage that received some attention in Kyiv, Ukraine&#8217;s capital<\/li>\n<\/ul>\n<p>Industroyer1 was specifically made to attack electric grids. ESET <a href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/06\/Win32_Industroyer.pdf\" target=\"_blank\" rel=\"noopener\">published<\/a> a complete analysis in 2017 that stated: &#8220;Those behind the Win32\/Industroyer malware have a deep knowledge and understanding of industrial control systems and, specifically, the industrial protocols used in electric power systems.&#8221;<\/p>\n<h2><strong>High-profile and Multi-stage Attacks<\/strong><\/h2>\n<p>According to <a href=\"https:\/\/www.welivesecurity.com\/2022\/04\/12\/industroyer2-industroyer-reloaded\/\" target=\"_blank\" rel=\"noopener\">ESET<\/a>, &#8220;we don\u2019t know how attackers compromised the initial victim nor how they moved from the IT network to the Industrial Control System (ICS) network,&#8221; but Sandworm is known for using <a href=\"https:\/\/www.esecurityplanet.com\/networks\/living-off-the-land-attacks\/\">LOTL<\/a> (living-off-the-land techniques), job schedulers in Unix systems (cron jobs), and task schedulers in Windows.<\/p>\n<p>Such <a href=\"https:\/\/www.esecurityplanet.com\/threats\/a-few-clicks-from-data-disaster-enterprise-security\/\">lateral movements<\/a> are often used to escalate privileges, for example, in <a href=\"https:\/\/www.esecurityplanet.com\/products\/active-directory-security-tools\/\">Active Directory<\/a>.<\/p>\n<p>While we only know a few details about the malware and its capabilities, ESET discovered Sandworm used other destructive malware families like CaddyWiper, ORCSHRED, 
SOLOSHRED and AWFULSHRED. This multi-stage approach allows for deploying malware on various operating systems such as Windows, Linux, and Solaris:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-21648\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2022\/04\/eset-schema.jpeg\" alt=\"industroyer schema\" width=\"806\" height=\"649\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg 806w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema-300x242.jpeg 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema-768x618.jpeg 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema-150x121.jpeg 150w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema-696x560.jpeg 696w\" sizes=\"(max-width: 806px) 100vw, 806px\" \/><\/p>\n<p>Industroyer2 is a Windows executable named 108_100.exe that implements very specific communication protocols designed for industrial equipment:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-21649\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2022\/04\/industroyer2.png\" alt=\"industroyer2\" width=\"911\" height=\"515\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/industroyer2.png 911w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/industroyer2-300x170.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/industroyer2-768x434.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/industroyer2-150x85.png 150w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/industroyer2-696x393.png 696w\" sizes=\"(max-width: 911px) 100vw, 911px\" \/><\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/products\/active-directory-security-tools\/\">10 Top Active Directory Security Tools<\/a><\/p>\n<h2><strong>Industroyer&#8217;s New Capabilities<\/strong><\/h2>\n<p>The 
researchers who analyzed the .exe file judged that it is built on the same code base as the infamous Industroyer, hence the name Industroyer2.<\/p>\n<p>However, the new malware contains hardcoded configurations in its body. On the one hand, it gives the hackers more capabilities. On the other hand, it needs to be recompiled for each new target, which might slow the attack significantly.<\/p>\n<p>According to ESET, it\u2019s not a major inconvenience, though, as \u201cthe Industroyer* malware family has only been deployed twice.\u201d<\/p>\n<p>The researchers interpreted the unusual error codes the .exe prints at the command prompt as an obfuscation attempt meant to hinder <a href=\"https:\/\/www.esecurityplanet.com\/products\/digital-forensics-software\/\">forensic<\/a> analysis.<\/p>\n<p>Sandworm used Industroyer2 together with Linux\/Solaris malware to schedule tasks and execute destructor scripts in parallel using sensitive commands such as shred. Hackers may have used that approach to minimize the time required to completely wipe disks, as such operations can take a while.<\/p>\n<p>Researchers also noticed Industroyer2 was compiled two weeks before the attack at 16:10:00 UTC, the timestamp of the attack, so the attackers meticulously planned the operation.<\/p>\n<p>The scripts were also designed to control ICS systems to prevent any rollback, and to ultimately self-destruct.<\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/products\/digital-forensics-software\/\">Best Digital Forensics Tools &amp; Software<\/a><\/p>\n<h2><strong>Defending Against Industroyer and ICS Threats<\/strong><\/h2>\n<p>Defenders can inspect the <a href=\"https:\/\/www.virustotal.com\/gui\/file\/cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327\/community\" target=\"_blank\" rel=\"noopener\">sample<\/a> available on VirusTotal for IoCs (indicators of compromise), and CERT-UA <a href=\"https:\/\/cert.gov.ua\/article\/39518\" target=\"_blank\" rel=\"noopener\">provided<\/a> a 
detailed report that can help with evidence detection.<\/p>\n<p>More generally, companies should protect critical infrastructure &#8211; and any infrastructure, really &#8211; against privilege escalation. There are effective ways to achieve that, such as:<\/p>\n<ul>\n<li>Least privilege (&#8220;<a href=\"https:\/\/www.esecurityplanet.com\/products\/zero-trust-security-solutions\/\">zero trust<\/a>&#8221;) approach and appropriate <a href=\"https:\/\/www.esecurityplanet.com\/networks\/microsegmentation-is-catching-on-as-key-to-zero-trust\/\">network segmentation<\/a><\/li>\n<li>Regular <a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing-vs-vulnerability-testing\/\">penetration tests and vulnerability assessments<\/a>, especially with large Active Directory environments (global configurations, Group Policy Objects, domain controllers, OUs, dormant accounts, etc.)<\/li>\n<li>Active endpoint monitoring (e.g., using <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">EDR<\/a>)<\/li>\n<li>Strong <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-password-managers\/\">password<\/a> policies and management<\/li>\n<li>Requiring 2FA (two-factor authentication) or MFA (<a href=\"https:\/\/www.esecurityplanet.com\/mobile\/multi-factor-authentication\/\">multi-factor authentication<\/a>) for all accounts<\/li>\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/whitelisting-vs-blacklisting-which-is-better\/\">Whitelisting<\/a> third-party applications carefully and reviewing permissions<\/li>\n<li>Aggressive <a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">patch management<\/a><\/li>\n<\/ul>\n<p>Organizations should prepare for post-exploitation techniques and lateral movements. 
In this case, the hackers presumably included in the Bash scripts lists of stolen credentials they had prior to the attack, which allowed them to iterate the operation over networks accessible through basic commands such as ip route or ifconfig -a.<\/p>\n<p>These sophisticated hackers obviously can run multi-stage and high-profile attacks, wiping data in parallel and generating waves of destruction across different operating systems and equipment used in strategically important sectors.<\/p>\n<p>However, this failed attempt might also give defenders some encouragement. While critical sectors such as energy still have to deal with bad practices and inadequate defenses in 2022, <a href=\"https:\/\/www.esecurityplanet.com\/products\/cybersecurity-training\/\">security awareness<\/a>, forensic analysis, endpoint monitoring, <a href=\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\">threat hunting<\/a>, threat emulation and other defensive techniques are sometimes rewarded.<\/p>\n<p>While the incident could be the first step in a more massive disruptive campaign against Ukrainian infrastructure, it showed it\u2019s still possible to learn from previous mistakes and mitigate further attacks, regardless of an adversary&#8217;s level of sophistication.<\/p>\n<p>Read next: <a href=\"https:\/\/www.esecurityplanet.com\/networks\/best-incident-response-tools-services\/\">Best Incident Response Tools and Software<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical infrastructure, industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers. CERT-UA (Computer Emergency Response Team of Ukraine) reported a major attack on Ukrainian energy infrastructure last week. Researchers at ESET and [&hellip;]<\/p>\n","protected":false},"author":267,"featured_media":21648,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14,15],"tags":[14716,23707],"b2b_audience":[33,35],"b2b_industry":[53],"b2b_product":[31788,377,381],"class_list":["post-21647","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","category-threats","tag-apt","tag-critical-infrastructure-cybersecurity","b2b_audience-awareness-and-consideration","b2b_audience-implementation-and-support","b2b_industry-energy","b2b_product-advanced-persistent-threats","b2b_product-gateway-and-network-security","b2b_product-network-access-control-nac"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"The Russian war in Ukraine is leading to critical infrastructure attacks in the U.S. and Europe. 
Here are critical defenses to implement.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"The Russian war in Ukraine is leading to critical infrastructure attacks in the U.S. and Europe. Here are critical defenses to implement.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-14T17:34:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-27T15:14:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"806\" \/>\n\t<meta property=\"og:image:height\" content=\"649\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Julien Maury\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Julien Maury\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\"},\"author\":{\"name\":\"Julien Maury\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\"},\"headline\":\"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups\",\"datePublished\":\"2022-04-14T17:34:01+00:00\",\"dateModified\":\"2023-07-27T15:14:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\"},\"wordCount\":1007,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg\",\"keywords\":[\"APT\",\"Critical Infrastructure Cybersecurity\"],\"articleSection\":[\"Networks\",\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\",\"name\":\"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups | eSecurity 
Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg\",\"datePublished\":\"2022-04-14T17:34:01+00:00\",\"dateModified\":\"2023-07-27T15:14:59+00:00\",\"description\":\"The Russian war in Ukraine is leading to critical infrastructure attacks in the U.S. and Europe. Here are critical defenses to implement.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg\",\"width\":806,\"height\":649,\"caption\":\"industroyer schema\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity 
Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\",\"name\":\"Julien Maury\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"caption\":\"Julien Maury\"},\"description\":\"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups | eSecurity Planet","description":"The Russian war in Ukraine is leading to critical infrastructure attacks in the U.S. and Europe. Here are critical defenses to implement.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/","og_locale":"en_US","og_type":"article","og_title":"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups | eSecurity Planet","og_description":"The Russian war in Ukraine is leading to critical infrastructure attacks in the U.S. and Europe. Here are critical defenses to implement.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/","og_site_name":"eSecurity Planet","article_published_time":"2022-04-14T17:34:01+00:00","article_modified_time":"2023-07-27T15:14:59+00:00","og_image":[{"width":806,"height":649,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg","type":"image\/jpeg"}],"author":"Julien Maury","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Julien Maury","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/"},"author":{"name":"Julien Maury","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a"},"headline":"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups","datePublished":"2022-04-14T17:34:01+00:00","dateModified":"2023-07-27T15:14:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/"},"wordCount":1007,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg","keywords":["APT","Critical Infrastructure Cybersecurity"],"articleSection":["Networks","Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/","url":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/","name":"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups | eSecurity 
Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg","datePublished":"2022-04-14T17:34:01+00:00","dateModified":"2023-07-27T15:14:59+00:00","description":"The Russian war in Ukraine is leading to critical infrastructure attacks in the U.S. and Europe. Here are critical defenses to implement.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/04\/eset-schema.jpeg","width":806,"height":649,"caption":"industroyer schema"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ics-scada-under-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Critical Infrastructure, ICS\/SCADA Systems Under Attack by Advanced Threat Groups"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business 
secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a","name":"Julien Maury","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","caption":"Julien Maury"},"description":"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.","url":"https:\/\/www.esecurityplanet.com\/author\/jmaury\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21647"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/267"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=21647"}],"version-history":[{"count":1,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21647\/revisions"}],"predecessor-version":[{"id":31234,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21647\/revisions\/31234"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/21648"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=21647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=21647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=21647"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=21647"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=21647"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=21647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}