[1]https://arstechnica.com/information-technology/2022/04/us-uncovers-swiss-army
-knife-for-hacking-industrial-control-systems/?amp=1

   "Malware designed to target industrial control systems like power
   grids, factories, water utilities, and oil refineries represents a rare
   species of digital badness. So when the United States government warns
   of a piece of code built to target not just one of those industries,
   but potentially all of them, critical infrastructure owners worldwide
   should take notice.

   On Wednesday, the Department of Energy, the Cybersecurity and
   Infrastructure Security Agency, the NSA, and the FBI jointly released
   an [2]advisory about a new hacker toolset potentially capable of
   meddling with a wide range of industrial control system equipment. More
   than any previous industrial control system hacking toolkit, the
   malware contains an array of components designed to disrupt or take
   control of the functioning of devices, including programmable logic
   controllers (PLCs) that are sold by Schneider Electric and OMRON and
   are designed to serve as the interface between traditional computers
   and the actuators and sensors in industrial environments. Another
   component of the malware is designed to target Open Platform
   Communications Unified Architecture (OPC UA) servers—the computers that
   communicate with those controllers.

   "This is the most expansive industrial control system attack tool that
   anyone has ever documented," says Sergio Caltagirone, the vice
   president of threat intelligence at industrial-focused cybersecurity
   firm Dragos, which contributed research to the advisory
   and [3]published its own report about the malware. Researchers at
   Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric also
   contributed to the advisory. “It’s like a Swiss Army knife with a huge
   number of pieces to it.”

   "Dragos says the malware has the ability to hijack target devices,
   disrupt or prevent operators from accessing them, permanently brick
   them, or even use them as a foothold to give hackers access to other
   parts of an industrial control system network. He notes that while the
   toolkit, which Dragos calls “Pipedream,” appears to specifically target
   Schneider Electric and OMRON PLCs, it does so by exploiting underlying
   software in those PLCs known as Codesys, which is used far more broadly
   across hundreds of other types of PLCs. This means that the malware
   could easily be adapted to work in almost any industrial environment.
   “This toolset is so big that it’s basically a free-for-all,”
   Caltagirone says. “T

References

   1. https://arstechnica.com/information-technology/2022/04/us-uncovers-swiss-army-knife-for-hacking-industrial-control-systems/?amp=1
   2. http://go.redirectingat.com/?id=100098X1555750&xs=1&url=https://www.cisa.gov/uscert/ncas/alerts/aa22-103a&sref=rss
   3. http://go.redirectingat.com/?id=100098X1555750&xs=1&url=https://hub.dragos.com/hubfs/116-Whitepapers/Dragos_ChernoviteWP_v2b.pdf?hsLang=en&sref=rss