Hackers have developed new custom tools that provide for full system access to different industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices. The Department of Energy, US Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and FBI urged critical infrastructure operators to upgrade the security of these devices and networks in a join cybersecurity advisory released earlier this week. The custom tools are designed to target programmable logic controllers from large companies such as Schneider Electric.

However, the CISA states that there is a low risk that the tools will lead to highly automated exploits against devices in the critical infrastructure sector being targeted. Dragos, a security firm that deals mainly with ICS, has named the tool Pipedream. Dragos stated that it is the seventh-known ICS specific malware. In addition, the company traced the tool back to an advanced persistent threat actor called Chevronite. Mandiant has named the malware INCONTROLLER after working with Schneider Electric to analyze it.

Read More: Hackers have built tools to attack these key industrial control systems