Doc ID: ADV278
Version: 1.0
Status: Published
Published date: 6/23/2017
Categories: I/A Series, SCADA, Foxboro Evo, SECURITY ISSUE
Last Modified date:

Customer Advisory
CrashOverride/Industroyer Malware
June 23, 2017

 

Schneider Electric is committed to ensuring that our customers and employees are kept current on issues that might affect or improve product, system or process operation. We are dedicated to providing product and application reliability, and exceptional client service.   

Customer Advisories are intended to inform you of the possibility of a situation occurring at system installations, and the identified resolution. Schneider Electric recommends that our customers consider taking action to help prevent occurrence of the identified situation during your production process.

This advisory applies to all Foxboro Evo™ Process Automation System, I/A Series®, Foxboro Evo™ SCADA and I/A Series® SCADA users.

SITUATION

Schneider Electric has become aware of reports made public by ESET and Dragos that detail an Industrial Control System (ICS) targeted attack platform dubbed CrashOverride/Industroyer. This malware platform was thought to have been used in the 2016 cyberattack against Ukraine's critical infrastructure. Schneider Electric wants its customers to be aware of this threat and the indicators that highlight the presence of the malware.

SYMPTOMS

The modules of this malware platform are designed to disrupt the working processes of an ICS used primarily in electrical substations by leveraging the following protocols: IEC870-5-101, IEC870-5-104, IEC61850, and OPC DA.

Reported malware capabilities include:

ACTIONS OR RESOLUTIONS

Schneider Electric recommends customers follow the instructions outlined in the released US CERT alert (TA17-163A) CrashOverride Malware:

https://www.us-cert.gov/ncas/alerts/TA17-163A

For customers requiring additional support, the Schneider Electric Industrial Cybersecurity Services team is available to help with assessments and deployment support:

http://www.schneider-electric.com/b2b/en/services/field-services/industrial-automation/industrial-cybersecurity/industrial-cybersecurity.jsp

FOR INFORMATION

If you have any questions regarding this article, please contact your local Service Representative or a Schneider Electric Support Center at:  
 

GCS Center        America's GCS      Asia Pacific GCS    EMEA GCS
Location          Foxboro MA USA     Shanghai            Baarn NL
Phone             +1-866-746-6477    +86 21 37180086     +31-3554-84125
Internationally   +1-508-549-2424
Fax               +1-508-549-4999    +86 21 37180196     +31-3554-84230
Email             America's GCS      Asia Pacific GCS    EMEA GCS

Regards,

John Petty
Director,
Global Customer Support


Distribution to Schneider Electric Customers and Internal Personnel Only
DO NOT REPRODUCE.
All trademarks are registered to their respective owners.
All brand names are property of their respective owners.

Advisory#  2017013abi