Measuring the Potential Impact of PIPEDREAM Malware OPC UA Module, MOUSEHOLE

Dragos describes runtime testing and analysis of CHERNOVITE’s PIPEDREAM OPC UA module MOUSEHOLE and an automated test variant MOUSELAB, demonstrating how an adversary can discover OPC UA servers, authenticate (including anonymous or brute-force), enumerate address spaces, and write malicious node values to cause unsafe conditions in an industrial process; the report also explains attack steps, limitations, and presents OPC UA security configuration and hardening recommendations.