{"id":7697,"date":"2022-04-27T10:40:35","date_gmt":"2022-04-27T17:40:35","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7697"},"modified":"2022-04-27T10:40:35","modified_gmt":"2022-04-27T17:40:35","slug":"advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/","title":{"rendered":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)\/supervisory control and data acquisition (SCADA) devices. This includes:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Schneider Electric programmable logic controllers (PLCs),<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">OMRON Sysmac NEX PLCs, and<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open Platform Communications Unified Architecture (OPC UA) servers.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The APT threat actors have developed custom-made tools for targeting ICS\/SCADA devices. The custom tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. 
The threat actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By compromising and maintaining full system access to ICS\/SCADA devices, APT threat actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement the detection and mitigation recommendations provided in this CSA to detect potential malicious APT activity and harden their ICS\/SCADA devices.\u00a0<\/span><\/p>\n<h3><b>Mitigations Suggested by the DOE, CISA, NSA, and the FBI<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">DOE, CISA, NSA, and the FBI recommend all organizations with ICS\/SCADA devices implement the following proactive mitigations:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Isolate ICS\/SCADA systems and networks from corporate and internet networks using strong perimeter controls, and limit any communications entering or leaving ICS\/SCADA perimeters.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Have a cyber incident response plan, and exercise it regularly with stakeholders in IT, cybersecurity, and operations.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Change all passwords to ICS\/SCADA devices and systems on a consistent schedule, especially all default 
passwords, to device-unique strong passwords to mitigate password brute force attacks and to give defender monitoring systems opportunities to detect common attacks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Limit ICS\/SCADA systems\u2019 network connections to only specifically allowed management and engineering workstations.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Robustly protect management systems by configuring Device Guard, Credential Guard, and Hypervisor Code Integrity (HVCI). Install Endpoint Detection and Response (EDR) solutions on these subnets and ensure strong antivirus file reputation settings are configured.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement robust log collection and retention from ICS\/SCADA systems and management subnets.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Leverage a continuous OT monitoring solution to alert on malicious indicators and behaviors, watching internal systems and communications for known hostile actions and lateral movement.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">For enhanced network visibility to potentially identify abnormal traffic, consider using CISA\u2019s open-source <\/span><a href=\"https:\/\/github.com\/cisagov\/ICSNPP\"><span style=\"font-weight: 400;\">Industrial Control Systems Network Protocol Parsers (ICSNPP)<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\">Ensure applications are installed only when necessary for operation.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enforce the principle of least privilege. Use admin accounts only when required for tasks such as installing software updates.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Investigate symptoms of a denial of service or connection severing, which show up as delays in communications processing, loss of function requiring a reboot, and delayed actions to operator comments, as signs of potential malicious activity.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Monitor systems for the loading of unusual drivers, especially ASRock drivers if no ASRock driver is normally used on the system.\u00a0<\/span><\/li>\n<\/ul>\n<h3><b>The Domain Name System (DNS) is Almost Always Involved in ICS\/SCADA Attacks<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">DNS is involved in most cyberattacks. According to a 2020 International Data Corporation report, 79% of organizations have experienced a cyberattack that involved DNS. Why? Because DNS is at the very heart of the internet. DNS is the first component of the IP network to be used when a piece of equipment is connected. Whether it is a phone, a computer, an IP camera, or any other type of terminal, the first thing a device does to gain a connection to the Internet is send a DNS request. For these reasons, DNS traffic is often used as a channel into the network in a cyberattack. This technique, one among many that leverage DNS, is called DNS tunneling (MITRE ATT&amp;CK Technique T1572).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS-based attacks go far beyond DNS tunneling. 
Today we see the use of automatically generated fake domain names created to support new attacks. These newly observed domains (NODs) are very difficult to detect.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS security is designed to prevent users from connecting to malicious destinations. DNS security also detects anomalous behaviors in the network such as C&amp;C communications, phishing, advanced persistent threat activity, domain generation algorithm (DGA) activity, botnet communications, and data exfiltration, along with DNS tunneling.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS security solutions such as BloxOne\u00ae Threat Defense combine advanced analytics based on machine learning, highly accurate aggregated threat intelligence, and automation to detect and prevent a broad range of threats, including DGA families, data exfiltration, look-alike domain use, and many others.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Most importantly, BloxOne Threat Defense provides support for Security Orchestration Automation and Remediation (SOAR) integration. SOAR is critical for providing enterprise security systems, ITSM solutions, vulnerability scanners, and other security ecosystem tools with the data that can in turn trigger remediation actions automatically when malicious or highly anomalous activity is detected.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS logs are a very useful source of contextual data that can aid in the investigation of any security event. DNS logs provide a highly effective way to see what resources a client has been accessing over time. The DHCP \u201cfingerprint\u201d and IPAM metadata provide contextual information on compromised devices such as device type, OS information, network location, and current and historical IP address allocations. 
All this information helps with event correlation and understanding the scope of a breach.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">BloxOne Threat Defense (B1TD) is a cloud-managed, hybrid DNS security solution that protects users and devices on-premises within the enterprise network, while roaming or remote, and in the cloud. B1TD blocks DNS-based malware, including ransomware, communications with command-and-control servers, data exfiltration, and more. BloxOne Threat Defense provides AI\/ML-based analytics, threat intelligence, and automation to detect and stop a wide variety of threats. These threats can include domain generation algorithm (DGA) activity, data exfiltration, look-alike domains, and many other types of attacks that leverage DNS.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To find out more about BloxOne Threat Defense: <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">You can find the full cybersecurity joint advisory alert here: <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-103a\"><span style=\"font-weight: 400;\">https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-103a<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)\/supervisory control and 
[&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":6869,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[339,340,682,683,189,684,652,685,686,687,360],"class_list":{"0":"post-7697","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-apt","9":"tag-advanced-persistent-threat","10":"tag-industrial-control-systems","11":"tag-scada-devices","12":"tag-cybersecurity","13":"tag-cybersecurity-advisory","14":"tag-joint-cybersecurity-advisory","15":"tag-plcs","16":"tag-ics","17":"tag-dns-based-attacks","18":"tag-dns-security","19":"entry"},"acf":[],"yoast_head_json":{"title":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices","description":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices. 
The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)\/supervisory control and data acquisition (SCADA) devices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/","og_locale":"en_US","og_type":"article","og_title":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices","og_description":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)\/supervisory control and data acquisition (SCADA) devices.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/","og_site_name":"Infoblox Blog","article_published_time":"2022-04-27T17:40:35+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","type":"image\/jpeg"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices","datePublished":"2022-04-27T17:40:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/"},"wordCount":1091,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","keywords":["apt","advanced persistent threat","Industrial Control Systems","SCADA devices","Cybersecurity","Cybersecurity Advisory","Joint Cybersecurity Advisory","PLCs","ICS","DNS based attacks","DNS Security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/","url":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/","name":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA 
Devices","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","datePublished":"2022-04-27T17:40:35+00:00","description":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)\/supervisory control and data acquisition (SCADA) devices.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","width":612,"height":408,"caption":"computer virus transfer into desktop pc by internet LAN line. 
double exposure shot of backside of a computer and red binary codes. hacker virus spyware ransomware and security breached concepts."},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/advanced-persistent-threat-cyber-tools-targeting-industrial-control-systems-and-scada-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Advanced Persistent Threat Cyber Tools Targeting Industrial Control Systems and SCADA Devices"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael 
Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and 
encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7697"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7697\/revisions"}],"predecessor-version":[{"id":7698,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7697\/revisions\/7698"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6869"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}