Skip to main content

Dragos discovers new malware PIPEDREAM

Published by , Senior Editor
World Pipelines,

Amid escalating threats to global critical infrastructure, last night Dragos announced the discovery of new malware specifically developed to disrupt industrial processes: PIPEDREAM.

Dragos discovers new malware PIPEDREAM

This is the seventh ever publicly known ICS-specific malware, following INDUSTROYER2, STUXNET, HAVEX, BLACKENERGY2, CRASHOVERRIDE, and TRISIS.

Since early 2022, Dragos has been analysing PIPEDREAM malware. PIPEDREAM was developed by a new threat group Dragos identifies as CHERNOVITE. Dragos assesses with high confidence this threat group created PIPEDREAM for use in disruptive or destructive operations against Industrial Control Systems (ICS).

Statements for attribution by Robert M. Lee, CEO and Co-Founder of Dragos:

“Since early 2022, Dragos has been analysing the PIPEDREAM toolset, which is the seventh ever ICS specific malware. We track its developers as the threat group CHERNOVITE, which we assess with high confidence to be a state actor that developed the PIPEDREAM malware for use in disruptive or destructive operations against ICS. Specifically, the initial targeting appears to be liquid natural gas and electric community specific. However, the nature of the malware is that it works in a wide variety of industrial controllers and systems.

“The PIPEDREAM malware initially targets Schneider Electric and Omron controllers, however there are not vulnerabilities specific to those product lines. PIPEDREAM takes advantage of native functionality in operations, making it more difficult to detect. It includes features such as the ability to spread from controller to controller, and leverage popular ICS network protocols such as ModbusTCP and OPC UA.

“Uniquely, this malware has not been employed in target networks. This provides defenders a unique opportunity to defend ahead of the attacks. While the malicious capability is sophisticated, with a wide range of functionality, applying fundamental ICS cybersecurity practices such as having a defensible architecture, ICS specific incident response plan, and ICS network monitoring provide a robust defence against this threat.”



Read the latest issue of World Pipelines magazine for pipeline news, project stories, industry insight and technical articles.

World Pipelines’ April 2022 issue

The April issue includes a keynote article on regulations and compliance, along with technical articles on horizontal directional drilling, integrity systems and pipeline mapping.

Read the article online at:

You might also like

CO2 systems, studies and solutions

Alessandro Terenzi, Giorgio Arcangeletti, Enrico Bonato, Elvira Aloigi, Lorenzo Maggiore, and Annalisa Di Felice, Saipem S.p.A., offer an overview of the challenges and opportunities for CO2 pipelines in the energy transition, drawing on offshore and onshore case studies.


Embed article link: (copy the HTML code below):