Mandiant senior technical analysis manager Daniel Kapellmann Zafra joins the Claroty Aperture podcast to discuss the Incontroller/Pipedream attack tool. Incontroller is alleged to be a state-sponsored tool specifically designed to target industrial control systems. Incontroller was discovered before it was employed on a victim's network, yet nonetheless it remains one of the most sophisticated, dangerous ICS attack platforms ever developed.
Kapellman Zafra discusses Incontroller's three components—Tagrun, Codecall, and OmShell—that give it extreme flexibility in targeting different ICS equipment and communication protocols. You'll also learn about how resilient potential victims may be, as well as some of the mitigations and defensive strategies that organizations should consider.