The APT actors have developed
custom-made tools for targeting ICS/SCADA devices. The tools enable them to
scan for, compromise, and control affected devices once they have
established initial access to the operational technology (OT) network.
Additionally, the actors can compromise Windows-based engineering
workstations, which may be present in information technology (IT) or OT
environments, using an exploit that compromises an ASRock motherboard driver
with known vulnerabilities. By compromising and maintaining full
system access to ICS/SCADA devices, APT actors could elevate privileges,
move laterally within an OT environment, and disrupt critical devices or
functions.