Industrial control systems operated by global manufacturing and power plants have been targeted by hackers since 2011 through a backdoor programme dubbed BlackEnergy, according to a new report.
According to the US Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), industrial systems from General Electric, Siemens and BroadWin integrated the BlackEnergy backdoor programme, which made them vulnerable to attacks.
ICS-CERT noted: "Analysis indicates that this campaign has been ongoing since at least 2011.
"Multiple companies working with ICS-CERT have identified the malware on Internet-connected human-machine interfaces (HMIs)."
The affected products include General Electric’s Cimplicity HMI, Siemens’ SIMATIC WinCC and BroadWin’s WebAccess, which were distributed by Advantech.
Siemens said in a statement: "Siemens has been informed that a file discovered during the analysis of the BlackEnergy malware can be associated to the product SIMATIC WinCC.
"Experts from Siemens and ICS-CERT are investigating this issue and will provide information updates as soon as possible."
BlackEnergy has also been used by Russian cyber espionage group Sandworm to attack organisations including the NATO alliance, energy firms and telecommunication firms.
The agency added: "ICS-CERT is concerned that any companies that have been running Cimplicity since 2012 with their HMI directly connected to the Internet could be infected with BlackEnergy malware.
"ICS-CERT strongly recommends that companies use the indicators and Yara signature in this alert to check their systems. In addition, we recommend that all Cimplicity users review ICS-CERT advisory ICSA-14-023-01 and apply the recommended mitigations."