Malware toolkit compared to Swiss army knife

27 April 2022

Malware intended to attack industrial control systems such as power grids, industrial facilities, water utilities and oil refineries is a unique breed of digital evil. When the U.S. government warns of a piece of software designed to attack not just one of those industries, but presumably all of them, critical infrastructure stakeholders around the world should take heed.

The U.S. Cybersecurity and Infrastructure Security Agency, the U.S. National Security Agency and the FBI issued a joint notice recently about a new hacker toolset that may be capable of interfering with a wide range of industrial control system hardware.

The malware contains more components designed to disrupt or take control of the functioning of devices than any prior industrial control system hacking toolkit. Its targets include programmable logic controllers (PLCs) sold by Schneider Electric and OMRON, devices that serve as the interface between traditional computers and the actuators and sensors in industrial settings.

"This is the most expansive industrial control system attack tool that anyone has ever documented," says Sergio Caltagirone, vice president of threat intelligence at industrial-focused cybersecurity firm Dragos, which contributed information to the advisory and issued its own statement about the malware. Researchers at Mandiant, Palo Alto Networks, Microsoft and Schneider Electric also contributed to the advisory. "It's like a Swiss Army knife with a huge number of pieces to it."

Free-for-all toolkit proves worrisome

According to Dragos, the malware can derail target devices, disrupt or prevent operators from accessing them, indefinitely brick them, or even use them as a stepping stone to gain access to other parts of an industrial control system network. While the toolkit, dubbed "Pipedream" by Dragos, appears to specifically target Schneider Electric and OMRON PLCs, it does so by leveraging foundational software in those PLCs known as Codesys, which is used far more widely, across hundreds of other types of PLCs.

The Pipedream malware toolkit is a unique addition to the small number of malware specimens discovered in the wild that target industrial control system (ICS) software. The most well-known example of this type of malware is Stuxnet, code developed by the U.S. and Israel that was discovered in 2010 after it was used to dismantle nuclear enrichment centrifuges in Iran. In late 2016, Russian hackers known as Sandworm, who are part of the Kremlin's GRU military intelligence agency, used a tool called Industroyer or Crash Override to cause a power outage in the Ukrainian capital of Kyiv.
