Pipedream ICS malware toolkit is a nightmare

ID: dca2d939-7f74-5531-94cf-7a833d3dbec2

STIX ID: report--dca2d939-7f74-5531-94cf-7a833d3dbec2

Feed Name: Pen Test Partners Blog

Date Published: 2024-05-09

Date Updated: 2026-03-24

Author: Luke Davis

This report outlines Pipedream (INCONTROLLER), a modular ICS malware framework attributed to the CHERNOVITE group. The framework enables enumeration of and interaction with industrial devices via Modbus, OPC UA, HTTP, and OEM tooling like CodeSys without relying on software exploits, and the report draws comparisons to Triton, Industroyer, and Stuxnet. It also notes the rise of ransomware against industrial entities (including the PSI Software incident) and lessons from Colonial Pipeline, emphasizing that OT impacts often originate from compromised Windows systems and recommending regular off-network compromise assessments to bolster OT resilience.
