Sophisticated industrial control system framework Pipedream, also known as Incontroller, has been targeting a critical hardcoded credentials flaw in Omron programmable logic controllers, tracked as CVE-2022-34151, SecurityWeek reports.
CVE-2022-34151 is being exploited by the BadOmen component of Pipedream to facilitate HTTP server interactions on targeted Omron NX/NJ controllers, a report from Dragos found. Aside from enabling physical process manipulation and disruption, BadOmen, like the Triton ICS malware, could also compromise safety controllers.
"Real-world impact varies based on what the controller is actually doing. An attacker may use the most significant of the vulnerabilities to persist on the controller, where they may modify the PLC's running logic at any time. This could allow them to turn on and off pumps, lights, or other equipment, against the wishes of the operator. In the case of safety systems, this may be used to prevent safety operations from happening; imagine pressing the panic stop button, and it does not do anything," said Dragos Lead Vulnerability Researcher Reid Wightman.
While CISA has warned about Omron and Schneider Electric PLCs being targeted by Pipedream, it has yet to include CVE-2022-34151 in its Known Exploited Vulnerabilities catalog.
Malicious GitHub pages and YouTube videos containing links to purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting, password-protected archives.
While threat actors continued to impersonate employers on job search platforms, luring software developers into an online interview that was followed by a BeaverTail malware compromise, more recent attacks deployed a new Qt-based BeaverTail version capable of exfiltrating browser credentials and cryptocurrency wallet data.