Several U.S. government agencies have issued a joint alert warning of the discovery of malicious cybertools capable of gaining access to industrial control systems.
The alert from the Energy Department, the Homeland Security Department, the FBI, and the National Security Agency (NSA) on April 13 did not identify who might be behind the malware. But their private-sector partners quoted by news agencies said the evidence suggests Russia is responsible.
One of the cybersecurity firms involved, Mandiant, said in a report that the tools' functionality was "consistent with the malware used in Russia's prior physical attacks." It called the tools "exceptionally rare and dangerous."
The CEO of Dragos, another government partner, agreed that a state actor almost certainly crafted the malware, which was configured to initially target liquefied-natural-gas and electric-power sites in North America.
CEO Robert Lee declined to comment on the state actor's identity and would not explain how the malware was discovered other than to say it was caught "before an attack was attempted."
"We're actually one step ahead of the adversary. None of us want them to understand where they screwed up," Lee said, according to AP. "Big win."
The Cybersecurity and Infrastructure Security Agency (CISA) published the alert. It also declined to identify the threat actor.
The U.S. government has warned critical infrastructure industries about possible cyberattacks from Russia as retaliation for severe economic sanctions imposed in response to its invasion of Ukraine.
CISA urged critical infrastructure organizations, "especially energy-sector organizations," to implement a series of recommendations aimed at blocking and detecting the malware.