BruCON 0x0E

Only a few times in history we have seen publicly documented malware developed to target industrial control systems (ICS). Over ten years ago STUXNET impacted Iranian nuclear centrifuges. Then INDUSTROYER turned off electric power in Ukraine and TRITON targeted the safety systems from a critical infrastructure organization. Today, a couple years later, we ran into INCONTROLLER.

INCONTROLLER is a set of novel ICS- oriented attack tools built to target specific Schneider Electric and Omron devices that are embedded in different types of machinery leveraged across multiple industries. The tools – which are very likely state-sponsored – represent an exceptionally rare and dangerous cyber-attack that contains capabilities related to disruption, sabotage, and potentially physical destruction. In this talk I will present our analysis of INCONTROLLER, its components, attack scenarios, and the implications for defenders.