Vol. 1 · Ed. 2026
CyberGlossary
Entry № 924

Pipedream / Incontroller

What is Pipedream / Incontroller?

Pipedream / Incontroller: A modular ICS-attack toolkit disclosed by U.S. CISA, Dragos, and Mandiant in April 2022 (attributed by some to a Russian state actor), capable of discovering and disrupting Schneider Electric, OMRON, and OPC UA-based industrial controllers.


Pipedream (Dragos) — also called Incontroller (Mandiant) — is a custom ICS attack framework disclosed in a U.S. CISA / DOE / NSA / FBI joint advisory in April 2022. Unlike earlier targeted ICS malware (Stuxnet, Industroyer, Triton) that hit a single victim, Pipedream is a modular toolset designed to enumerate and manipulate large families of industrial controllers — Schneider Electric Modicon PLCs, OMRON Sysmac NEX PLCs, and any OPC UA server — for reconnaissance, configuration change, denial of service, and selective disruption. Its discovery as a fully built capability before observed deployment ('left of boom' in ICS terms) led Dragos to publicly attribute it to a state-aligned actor they track as CHERNOVITE, widely reported as Russia-linked. Pipedream tooling can scan engineering networks for target devices, brute-force credentials, modify ladder logic, disable safety systems, and selectively crash controllers. Defenses focus on robust IT/OT segmentation, removal of internet-exposed engineering interfaces, signed-firmware enforcement, and OT-specific NDR (Dragos Platform, Claroty xDome, Nozomi Guardian) tuned for the framework's documented IOCs.

Examples

  1. A Pipedream module enumerates Schneider Modicon PLCs on an engineering network, reads ladder logic, and stages selective writes to disable safety interlocks.

  2. An OT defender rules out Pipedream-like access by removing direct internet-exposed Modbus/OPC UA endpoints and putting engineering workstations behind a jump host with phishing-resistant MFA.
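
One way to check the segmentation described in the second example is the flow audit below. It is an added illustration, not part of the original entry or of any vendor tooling. The addresses, the zone layout, the single jump host and the `src_ip,dst_ip,dst_port` record format are assumptions; 502 and 4840 are the default ports for Modbus/TCP and OPC UA.

```python
import ipaddress

# Default registered ports for the two protocols named in the entry.
ICS_PORTS = {502: "Modbus/TCP", 4840: "OPC UA"}

# Assumed (hypothetical) site layout: controllers sit in OT_NET, the whole
# site uses SITE_NET, and only the jump host may open sessions into OT_NET.
SITE_NET = ipaddress.ip_network("10.0.0.0/8")
OT_NET = ipaddress.ip_network("10.20.0.0/24")
JUMP_HOSTS = {ipaddress.ip_address("10.10.5.10")}

# Constructed flow records in an assumed "src_ip,dst_ip,dst_port" export format.
SAMPLE_FLOWS = """\
10.10.5.10,10.20.0.11,502
10.10.7.44,10.20.0.11,502
203.0.113.9,10.20.0.30,4840
10.10.7.44,10.20.0.11,443
10.20.0.12,10.20.0.11,502
10.10.5.10,10.20.0.30,4840
bad,line
"""


def audit_flows(text):
    """Return (findings, skipped): flows reaching ICS ports in OT_NET against policy."""
    findings, skipped = [], 0
    for line in text.splitlines():
        try:
            src_s, dst_s, port_s = line.strip().split(",")
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            skipped += 1  # malformed record: count it, never silently drop
            continue
        if dst not in OT_NET or port not in ICS_PORTS:
            continue  # not a controller-protocol session into the OT zone
        if src in JUMP_HOSTS or src in OT_NET:
            continue  # assumed policy: jump host and intra-OT traffic are allowed
        kind = "bypasses-jump-host" if src in SITE_NET else "external-source"
        findings.append((kind, str(src), str(dst), ICS_PORTS[port]))
    return findings, skipped


if __name__ == "__main__":
    findings, skipped = audit_flows(SAMPLE_FLOWS)
    for finding in findings:
        print(*finding, sep="\t")
    print(f"{skipped} unparseable record(s) skipped")
```

Any `external-source` finding means a controller protocol is reachable from outside the site; a `bypasses-jump-host` finding means an internal host talks to controllers without going through the MFA-protected jump host.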

Frequently asked questions

What is Pipedream / Incontroller?

A modular ICS-attack toolkit disclosed by U.S. CISA, Dragos, and Mandiant in April 2022 (attributed by some to a Russian state actor), capable of discovering and disrupting Schneider Electric, OMRON, and OPC UA-based industrial controllers. It belongs to the OT / ICS / IoT category of cybersecurity.

How does Pipedream / Incontroller work?

Pipedream (Dragos) — also called Incontroller (Mandiant) — is a custom ICS attack framework disclosed in a U.S. CISA / DOE / NSA / FBI joint advisory in April 2022. Unlike earlier targeted ICS malware (Stuxnet, Industroyer, Triton) that hit a single victim, Pipedream is a modular toolset designed to enumerate and manipulate large families of industrial controllers — Schneider Electric Modicon PLCs, OMRON Sysmac NEX PLCs, and any OPC UA server — for reconnaissance, configuration change, denial of service, and selective disruption. Its discovery as a fully built capability before observed deployment ('left of boom' in ICS terms) led Dragos to publicly attribute it to a state-aligned actor they track as CHERNOVITE, widely reported as Russia-linked. Pipedream tooling can scan engineering networks for target devices, brute-force credentials, modify ladder logic, disable safety systems, and selectively crash controllers. Defenses focus on robust IT/OT segmentation, removal of internet-exposed engineering interfaces, signed-firmware enforcement, and OT-specific NDR (Dragos Platform, Claroty xDome, Nozomi Guardian) tuned for the framework's documented IOCs.

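How do you defend against Pipedream / Incontroller?

Defenses against Pipedream / Incontroller typically combine technical controls with operational practices; see the full definition above.

What other names does Pipedream / Incontroller go by?

Common aliases include: Pipedream, Incontroller, CHERNOVITE toolkit.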
