Advanced Hackers Have Shown Ability to Hijack Critical Infrastructure, Says U.S. Agency

Advanced hackers have demonstrated their ability to take control of a variety of devices that aid in the operation of power plants and manufacturing plants, according to a U.S. government alert issued on Wednesday, warning of the potential for cyber spies to harm critical infrastructure.

Source: Reuters | Published on April 14, 2022


A joint advisory issued by the US Cybersecurity and Infrastructure Security Agency and other government agencies noted the hackers' malicious software could affect programmable logic controllers manufactured by Schneider Electric and OMRON Corp.

OMRON did not respond immediately to a message seeking comment. A Schneider spokesperson confirmed that the company collaborated with US officials to defend against the hackers, describing it as "an example of successful collaboration to deter threats on critical infrastructure before they occur."

The controllers are common in a variety of industries, from gas to food production plants, but researchers believe the hackers' intended targets were liquefied natural gas and electric facilities, according to Robert Lee, CEO of cybersecurity firm Dragos, which assisted in the discovery of the malware.

In its alert, the Cybersecurity Agency urged critical infrastructure organizations, "particularly Energy Sector organizations," to implement a series of recommendations aimed at blocking and detecting the cyber weapon known as Pipedream.

Although the government warning was vague – it did not specify which hackers were behind the malware or whether it had been used – it sent shivers down the spine of the industry.

CISA announced the discovery alongside the Energy Department, the National Security Agency, and the FBI, indicating how seriously the discovery was being taken.

PLCs, or programmable logic controllers, are embedded in a large number of plants and factories, and any disruption in their operation has the potential to cause harm, ranging from shutdowns to blackouts to chemical leaks, wrecked equipment, or even explosions.

The tool developed by the mystery hackers, according to Lee, was "highly capable" and had most likely been in the works for several years.

"It is as dangerous as people make it out to be," Lee explained in an interview.

Western cybersecurity officials are already on edge as a result of Russia's invasion of Ukraine and the deployment of malware designed to cause power outages.

Pipedream, according to Sergio Caltagirone, Dragos' vice president of threat intelligence, can be viewed as a "toolbox" of various hacking tools. Each component provides a unique method of circumventing normal controls, giving hackers a wide range of attack options.

For example, Caltagirone stated that one of the Pipedream tools would have allowed the attackers to damage Schneider Electric's PLC to the point where it would have needed to be completely replaced.

"Because of existing supply chain challenges, it may take longer to get replacement controllers following such an attack," Caltagirone explained. "This means that a liquefied natural gas facility could be out of service for months."
