Hacking of Saudi petrochemical plant was coordinated by a Russian institute



A new study of the malicious computer code used in a sloppy attack on a Saudi petrochemical plant concludes that the bulk of the effort was coordinated from within a Russian scientific institute, one of the most direct links yet between official Russian hackers and a hostile intrusion on a major piece of infrastructure.

The report, published by FireEye, a leading cybersecurity company, identifies the Central Institute for Scientific Research of Chemistry and Mechanics, a Moscow-based technical research institute with close ties to Russian governments dating back before the revolution. But this leaves unanswered the question of why Moscow would target a Middle East factory, even given Russia's rivalry with Saudi Arabia in the oil market.

FireEye did not identify the attacked plant because of the restrictions imposed by the customer who requested the company's assistance to recover from the attack.

But the New York Times identified the factory in March as a Saudi factory, at a time when there was a broad consensus that the attack must have been initiated by Iran, Saudi Arabia's biggest rival for regional influence.

Iran may have been behind the attack, but the new study suggests that if it was, Iran had a lot of Russian help, and that when the malware had to be fine-tuned, the Russian institute provided its expertise.

The attack was one of the most frightening moments in the history of cyberattacks on critical infrastructure. It was the first known attempt to manipulate an emergency shutdown system designed to prevent disasters and protect human lives.

However, the attack went awry and caused the plant to shut down completely, apparently by accident, as the malware was loaded into the factory's computers. No industrial accidents occurred.

Nevertheless, the episode captured the attention of experts, who concluded that if things had gone as planned, the next stage of the attack would likely have been to trigger an industrial accident. Had that happened, the shutdown system would have been disabled.

"We do not know why this facility was targeted," said John Hultquist, who oversaw the study at FireEye. "They may have just tested things, just experimented."

The reason why the Russians targeted a Saudi factory was unclear, apart from the obvious fact that the two countries were competing as oil and petrochemical producers.

"Sometimes it does not make sense geopolitically," Hultquist said, noting that Russian hackers and others "operate around the world."

The report did not claim that the Russians had launched the attack against the petrochemical facility, nor did it determine who had initiated the action. But it traced essential coding and maintenance activities, and the rewriting of elements of the malware, to the Russian institute in Moscow. The institute had never been considered a major player in the development of cyber-weapons.

At a time of serious questions about whether the Russian government is seeking to influence the mid-term elections of 2018, the report is a reminder that the bulk of Russia's cyber-activity is in more traditional arenas: placing malicious programs in facilities essential to keeping a nation's infrastructure running. In March, the Trump administration accused the Russians of placing malware in US nuclear and conventional power plants, as well as in water systems.

In the United States, in the utility sector investigation, the Russians were planting "implants," or malware that could be activated at a later date. This is essentially what FireEye concluded was happening in the Saudi case, where the Russian institute was helping to update and improve the malware.

The Russian government has always denied having installed malware in foreign systems and has often called for the adoption of treaties or standards of behavior to govern cyberspace. But the United States has perceived Russia's calls as a cynical attempt to limit United States cyberactivity while sending out proxies to conduct operations on Russia's behalf.
