Pipedream / Incontroller.

A modular ICS-attack toolkit disclosed by U.S. CISA, Dragos, and Mandiant in April 2022 — attributed by some to a Russian state actor — capable of discovering and disrupting Schneider Electric, OMRON, and OPC UA-based industrial controllers. Es gehört zur Kategorie OT / ICS / IoT der Cybersicherheit.

A modular ICS-attack toolkit disclosed by U.S. CISA, Dragos, and Mandiant in April 2022 — attributed by some to a Russian state actor — capable of discovering and disrupting Schneider Electric, OMRON, and OPC UA-based industrial controllers.

Pipedream (Dragos) — also called Incontroller (Mandiant) — is a custom ICS attack framework disclosed in a U.S. CISA / DOE / NSA / FBI joint advisory in April 2022. Unlike earlier targeted ICS malware (Stuxnet, Industroyer, Triton) that hit a single victim, Pipedream is a modular toolset designed to enumerate and manipulate large families of industrial controllers — Schneider Electric Modicon PLCs, OMRON Sysmac NEX PLCs, and any OPC UA server — for reconnaissance, configuration change, denial of service, and selective disruption. Its discovery as a fully built capability before observed deployment ('left of boom' in ICS terms) led Dragos to publicly attribute it to a state-aligned actor they track as CHERNOVITE, widely reported as Russia-linked. Pipedream tooling can scan engineering networks for target devices, brute-force credentials, modify ladder logic, disable safety systems, and selectively crash controllers. Defenses focus on robust IT/OT segmentation, removal of internet-exposed engineering interfaces, signed-firmware enforcement, and OT-specific NDR (Dragos Platform, Claroty xDome, Nozomi Guardian) tuned for the framework's documented IOCs.

Schutzmaßnahmen gegen Pipedream / Incontroller kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Pipedream, Incontroller, CHERNOVITE toolkit.