Quoting the Register article:
[…]Malware posing as legitimate firmware for Siemens control gear has apparently infected industrial equipment worldwide over the past four years. The cyber-nasty is packaged as software to be installed on Siemens programmable logic controllers (PLC), we’re told. At least 10 industrial plants – seven in the US – were found running the infected firmware, a study by industrial cybersecurity firm Dragos claims. According to the Texas-based biz, this particular malware was specifically thrown at industrial control equipment. Exactly what it does, or did, is not explained, although it is described as “crimeware”. […]
The Dragos blog post is worth reading:
https://www.theregister.co.uk/2017/03/22/malware_siemens_plc_firmware/
https://dragos.com/blog/mimics/
Firmware Security 