A Russian-owned research institute very likely helped build tools used by an infamous hacking group that caused a petrochemical plant in Saudi Arabia to shut down last year, cybersecurity company FireEye said Tuesday. A series of clues implicates the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a Moscow-based lab, in developing tools used by the group known as Xenotime or TEMP.Veles, according to FireEye. The group is known for malware, dubbed Triton or Trisis, designed to disrupt control-system software that allows industrial plants to safely shut down. FireEye has tied the testing of malware used by TEMP.Veles to CNIIHM, specifically someone who has been identified as a professor at the institute. Further, an IP address registered to CNIIHM has been employed by Triton’s operators for multiple purposes, “including monitoring open-source coverage of Triton, network reconnaissance, and malicious activity in support of the Triton intrusion,” FireEye said in a blog post. […]
The post FireEye links Russia-owned lab to Trisis developers appeared first on Cyberscoop.