Sophisticated industrial control system framework Pipedream, also known as Incontroller, has been targeting a critical hardcoded credentials flaw in Omron programmable logic controllers, tracked as CVE-2022-34151, SecurityWeek reports.
CVE-2022-34151 is being exploited by the BadOmen component of Pipedream to facilitate HTTP server interactions on targeted Omron NX/NJ controllers, a report from Dragos found. Aside from enabling physical process manipulation and disruption, BadOmen, like the Triton ICS malware, could also compromise safety controllers.
"Real-world impact varies based on what the controller is actually doing. An attacker may use the most significant of the vulnerabilities to persist on the controller, where they may modify the PLC's running logic at any time. This could allow them to turn on and off pumps, lights, or other equipment, against the wishes of the operator. In the case of safety systems, this may be used to prevent safety operations from happening: imagine pressing the panic stop button, and it does not do anything," said Dragos Lead Vulnerability Researcher Reid Wightman.
While CISA has warned about Omron and Schneider Electric PLCs being targeted by Pipedream, it has yet to include CVE-2022-34151 in its Known Exploited Vulnerabilities catalog.
Threat actors launched fifty percent more distributed denial-of-service attacks during the first quarter of 2024 than in the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
Operations of Russia's industrial sensor and monitoring infrastructure were claimed to have been disrupted by Ukrainian hacking operation Blackjack following a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, reports SecurityWeek.