|Data Sources||File monitoring, Data loss prevention, Process command-line parameters|
|Asset||Field Controller/RTU/PLC/IED, Safety Instrumented System/Protection Relay, Control Server|
Adversaries may automate collection of industrial environment information using tools or scripts. This automated collection may leverage native control protocols and tools available in the control systems environment. For example, the OPC protocol may be used to enumerate and gather information. Access to a system or interface with these native protocols may allow collection and enumeration of other attached, communicating servers and devices.
- Using OPC, a component of Backdoor.Oldrea gathers any details about connected devices and sends them back to the C2 for the attackers to analyze.1
- Industroyer automatically collects protocol object data to learn about control devices in the environment.2