How The Russian Government Created The Most Advanced Industrial Malware Ever Seen

Pipe work of an oil refinery plant.

Russian government-backed hackers were responsible for an attack on a Saudi Arabian petrochemical plant last year, according to a cybersecurity firm. FireEye security researchers have linked the sophisticated "Triton" malware used to infiltrate industrial control systems to a Russian government-owned research institute, following an investigation.

Triton targets the industrial control systems made by Schneider Electric, which are used in 18,000 different plants around the world. The August 2017 attack on the Saudi Arabian plant was designed to sabotage its operations and trigger an explosion. It came after several other attacks on petrochemical plants in Saudi Arabia. In January 2017, computers at the National Industrialization Company were targeted with a political message.

FireEye said in a blog: "FireEye Intelligence assesses with high confidence that intrusion activity that led to the deployment of TRITON was supported by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM; aka ЦНИИХМ), a Russian government-owned technical research institution located in Moscow."

The firm's investigation found multiple independent ties to Russia, CNIIHM, and "a specific person in Moscow". It conceded that the activity could have been carried out without the institute's knowledge, but called this explanation "less plausible".

The blog said: "In this scenario, one or more persons – CNIIHM employees – would have had to conduct extensive, high-risk malware development and intrusion activities from CNIIHM's address space without CNIIHM's knowledge and approval over multiple years."

Triton comes after a deluge of malware targeting industrial control systems. The Stuxnet malware emerged in 2010 after it was discovered in an Iranian nuclear facility. Then, in December 2016, Industroyer was used in a cyber attack on Ukraine's national grid.

It is not the first time the finger has been pointed at Russia after hacking attempts on critical national infrastructure. In April, the UK and US made an unprecedented joint statement blaming Russia for cyber-attacks on businesses and consumers.

The joint announcement by the UK's National Cyber Security Centre (NCSC), the US Department of Homeland Security and the FBI warned businesses and citizens that Russia was exploiting network infrastructure devices such as routers around the world. The aim: to lay the groundwork for future attacks on critical infrastructure such as power stations and energy grids.

The US has also blamed Russia for a recent strike on its electrical grid, while the NCSC held the Kremlin responsible for several UK infrastructure disruptions.

It's a major concern, but FireEye was careful in its final conclusions: "While we know that TEMP.Veles deployed the TRITON attack framework, we did not have specific evidence to prove that CNIIHM did (or did not) develop the tool," its blog post said. "We believe that CNIIHM likely maintains the institutional expertise needed to develop and prototype."
