TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems

【Figures and Tables】


INCONTROLLER tooling overview

INCONTROLLER attack scenarios
Source: https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool

| Tool | Description |
|------|-------------|
| TAGRUN | A tool that scans for OPC servers, enumerates OPC structure/tags, brute forces credentials, and reads/writes OPC tag values. |
| CODECALL | A framework that communicates using Modbus—one of the most common industrial protocols—and Codesys. CODECALL contains modules to interact with, scan, and attack at least three Schneider Electric programmable logic controllers (PLCs). |
| OMSHELL | A framework with capabilities to interact with and scan some types of Omron PLCs via HTTP, Telnet, and Omron FINS protocol. The tool can also interact with Omron's servo drives, which use feedback control to deliver energy to motors for precision motion control. |


【Blog】

◆INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (Mandiant, 2022/04/13)
https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool


【Related Summary Articles】

Overall summary
 ◆Malware (Summary)
  ◆Destructive Malware (Summary)

◆Incontroller (Summary)
https://malware-log.hatenablog.com/entry/Incontroller


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023