Security experts warn that the hackers behind the "deadly" malware dubbed Triton are back and have targeted "critical infrastructure"
- Hackers behind deadly attack in 2017 are back, say experts
- The target was "critical infrastructure", as in the previous attack.
- In 2017, an oil refinery in Saudi Arabia was compromised, with nearly deadly results.
- Other victims of the hackers' malware have probably yet to be discovered.
Hackers responsible for the world's "deadliest malware" are back and have infected critical infrastructure, security analysts said.
FireEye researchers say traces of a dangerous malware program called Triton have been reported for the second time since 2017, when hackers used it to take control of critical processes at an oil plant in Saudi Arabia.
In its report, the firm did not reveal exactly where the attack had occurred, who the target was, or even what damage, if any, had been caused, although it did highlight some of the group's apparent intentions.
A Saudi oil plant was the target of an attack by the same hackers in 2017.
WHAT IS TRITON MALWARE?
Malware called Triton was behind attacks targeting a Saudi oil refinery in 2017.
Recent reports reveal that hackers could have caused a gas leak or a deadly explosion with the help of the tool.
Security analysts at FireEye have highlighted Triton's capabilities and linked it to a Russian research lab.
The hacking group has developed other tools that, according to FireEye, have infected another unnamed site.
The damage caused by hackers, if any, is unclear.
More victims probably remain undiscovered, the firm says.
"The actor has gained a foothold on the Distributed Control System (DCS) but has not exploited this access to learn more about the operations of the plant, exfiltrate sensitive information, tamper with DCS controllers or manipulate the process," the report reads.
It follows a report from the MIT Technology Review released earlier this year that warned that the malware was "deadly" and was spreading.
By masking their activity with harmless file names that made their tools look like legitimate administrative utilities, the researchers said, the group was able to remain undetected in the systems for a year before compromising the plant's safety instrumented system (SIS).
An SIS is an essential safety system used to monitor processes in factories and other facilities.
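The report describes the intruders staying hidden by giving their tools file names that looked like legitimate administrative utilities. One check defenders can run against a host file inventory is to compare each file's name with its hash in both directions: a name that belongs to a known admin tool but carries an unexpected hash, and a known tool's hash turning up under an unrelated name. The example below is added here and is not code from the article or from FireEye; the tool names, paths and digests are constructed placeholders, not real hashes.

```python
import hashlib
from dataclasses import dataclass

# Known-good inventory of legitimate administrative tools: file name -> expected SHA-256.
# The tool names are assumed examples and the digests are CONSTRUCTED placeholders.
KNOWN_GOOD = {
    "psexec.exe": hashlib.sha256(b"genuine psexec build").hexdigest(),
    "putty.exe": hashlib.sha256(b"genuine putty build").hexdigest(),
}


@dataclass(frozen=True)
class FileRecord:
    """One row of a host file inventory export (path plus SHA-256 of the content)."""
    path: str
    sha256: str


def file_name(path: str) -> str:
    """Return the lower-cased base name, accepting Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_masquerade(records):
    """Flag inventory rows whose name and hash disagree with the known-good map.

    Returns a list of (path, reason) tuples in inventory order.
    """
    findings = []
    hash_to_name = {digest: name for name, digest in KNOWN_GOOD.items()}
    for rec in records:
        name = file_name(rec.path)
        expected = KNOWN_GOOD.get(name)
        if expected is not None and rec.sha256 != expected:
            # Looks like an admin tool by name, but the bytes are something else.
            findings.append((rec.path, "name_matches_admin_tool_but_hash_differs"))
        elif expected is None and rec.sha256 in hash_to_name:
            # Genuine admin tool dropped under a name that hides what it is.
            findings.append(
                (rec.path, f"known_tool_{hash_to_name[rec.sha256]}_under_unexpected_name")
            )
    return findings


# Constructed sample inventory, not data from any real host.
SAMPLE_INVENTORY = [
    FileRecord("C:\\Tools\\psexec.exe", KNOWN_GOOD["psexec.exe"]),  # genuine, in place
    FileRecord("C:\\Windows\\Temp\\putty.exe",
               hashlib.sha256(b"unknown binary").hexdigest()),  # impostor using a trusted name
    FileRecord("C:\\ProgramData\\update.exe", KNOWN_GOOD["putty.exe"]),  # genuine tool, renamed
    FileRecord("C:\\Windows\\System32\\notepad.exe",
               hashlib.sha256(b"notepad").hexdigest()),  # not tracked, ignored
]

if __name__ == "__main__":
    for path, reason in check_masquerade(SAMPLE_INVENTORY):
        print(f"{path}: {reason}")
```

Run on the constructed inventory it reports the impostor `putty.exe` and the renamed `update.exe` and stays silent on the other two rows. In practice the known-good map would be fed from vendor-published hashes or a golden image, and the inventory from an EDR or file-integrity export; the name-to-hash mismatch is the signal, not any particular tool name.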
Although the nature of the recent attacks is unclear, as E&E reported last month, the group's 2017 attacks could have been fatal.
"Two emergency shutdown systems went into action as darkness fell over the sprawling refinery located along the Red Sea coast in Saudi Arabia," the report said.
Hackers had access to the system one year before compromising critical security systems.
"The systems have shut down part of the Petro Rabigh complex in a last-minute effort to prevent gassing and a deadly explosion. But while the security devices were taking extraordinary measures, the control room engineers working the weekend had found nothing extraordinary, either on their computer screens or in the plant."
Last year, FireEye linked the Triton malware to the research laboratory of the Russian Central Institute for Scientific Research on Chemistry and Mechanics in Moscow and announced that the hackers had been active since 2014.
According to the firm, the number of victims, still to be determined, is likely to be higher.
According to Motherboard, withholding the victim's identity and details of the attack is fairly common practice among security companies, which may be contractually barred from disclosing them.
"'Critical infrastructure' often refers to large-scale operational facilities such as nuclear power plants, water treatment centers or power grids," the report says.