There are no reports of the malicious code being used in cyberattacks. But US officials and cybersecurity experts urged organizations to harden their defenses because the malicious software could be used to disrupt critical infrastructure if successfully deployed.
The hacking tools could permit “lower-skilled cyber actors to emulate higher-skilled actor capabilities,” the US agencies said.
The agencies did not identify who was responsible for developing the hacking tools or in what country they had been developed. CNN has requested comment from the agencies.
“We are unable to associate (the hacking tools) with any previously tracked group at this stage of our analysis, but we note the activity is consistent with Russia’s historical interest” in industrial control systems, Mandiant analysts said. The tools pose “the greatest threat to Ukraine, NATO member states, and other states actively responding to Russia’s invasion of Ukraine,” the analysts added.
For years, multiple state-linked hacking groups, including some tied to Russia, China and Iran, have taken an interest in infiltrating industrial computer networks. Doing so generally takes specialized knowledge and skills that differ from those needed to hack a business computer network.
The Justice Department has blamed the same Russian hacking group for causing power outages in Ukraine in 2015 and 2016. Those cyberattacks are the only two hacks on record that have successfully caused power outages, according to analysts.