Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities

The malware, described as a modular ICS attack framework and a collection of custom-made tools, can be used by threat actors to target ICS and SCADA devices, including programmable logic controllers (PLCs) from Schneider Electric and Omron, and OPC UA servers.

Advisories and blog posts describing the toolset have been released by industrial cybersecurity firm Dragos, which tracks it as Pipedream; by threat intelligence and incident response firm Mandiant, which tracks the malware as Incontroller; and by CISA, the FBI, the NSA and the Energy Department, which released a joint advisory.
