TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies

XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.

The group behind Trisis has expanded its targeting to the U.S. electric sector

The notorious hacking group behind the Trisis malware, which is designed to disrupt industrial safety systems, has expanded its targeting to include U.S. electric utilities, according to new research. The group, known as Xenotime, most famously deployed the Trisis malware on a Saudi petrochemical plant in the summer of 2017, forcing it to shut down. But starting in late 2018, according to analysts at industrial cybersecurity company Dragos, Xenotime went beyond its focus on the oil and gas sector to probe the networks of electric utilities in the U.S. and elsewhere. “While there is no evidence at this time that Xenotime has successfully breached any of the entities it has probed in U.S. electric utilities, the fact that this actor – which has already demonstrated the willingness and capability to execute a disruptive ICS [industrial control system] attack – is now actively gathering information on electric utilities is deeply concerning,” Joe Slowik, […]


FireEye links Russia-owned lab to Trisis developers

A Russian-owned research institute very likely helped build tools used by an infamous hacking group that caused a petrochemical plant in Saudi Arabia to shut down last year, cybersecurity company FireEye said Tuesday. A series of clues implicates the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a Moscow-based lab, in developing tools used by the group known as Xenotime or TEMP.Veles, according to FireEye. The group is known for malware, dubbed Triton or Trisis, designed to disrupt control-system software that allows industrial plants to safely shut down. FireEye has tied the testing of malware used by TEMP.Veles to CNIIHM, specifically someone who has been identified as a professor at the institute. Further, an IP address registered to CNIIHM has been employed by Triton’s operators for multiple purposes, “including monitoring open-source coverage of Triton, network reconnaissance, and malicious activity in support of the Triton intrusion,” FireEye said in a blog post. […]


U.S. industry experts call for vigilance after Trisis group goes global

U.S. critical infrastructure operators should be on high alert — with a close eye on network anomalies — following the revelation that a hacking group that caused a Saudi industrial plant to shut down last year is targeting facilities outside of the Middle East, industry experts told CyberScoop. “Detecting these types of advanced, stealthy threats requires extraordinary visibility into your OT [operational technology] network,” said Marty Edwards, former head of the Department of Homeland Security’s Industrial Control Systems (ICS) CERT. “Unfortunately, not all U.S. critical infrastructure asset owners are at that level of maturity.” The hacking group’s expanded operations mean that U.S. infrastructure operators “should no longer remain complacent in thinking that this is just an issue somewhere else in the world,” Edwards added. The developers of the Trisis malware, which is designed to ravage the control systems that allow plants to safely shut down, have attacked multiple U.S. companies, […]


Hacker Group Targeting Industrial Controllers Expands Its Operations

The group behind the Triton malware that triggered an emergency shutdown last year at a critical infrastructure organization in the Middle East is still active and has expanded its operations to industrial controllers in facilities in other regions of…

Trisis masterminds have hacked U.S. industrial firms, new research claims

A group known for infecting a Saudi petrochemical plant with highly sophisticated industrial control malware has targeted the same type of systems inside the United States, according to new research by ICS-focused cybersecurity startup Dragos. The group behind the malware, which Dragos refers to as “Xenotime,” has expanded its operations to include attacks on multiple undisclosed U.S. companies. The malware shows similarities to what’s commonly known as Trisis, which was used in an attack last year in Saudi Arabia. While Trisis exploited one particular industrial control system, researchers say a new variant impacts a variety of safety instrumented systems. Safety instrumented systems, or SIS for short, are hardware and software controls that protect large-scale industrial processes and equipment typically found in nuclear, petrochemical or manufacturing plants. There are few companies that create and manage SIS systems, including but not limited to St. Louis-based Emerson, New Jersey-based Honeywell, and Tokyo-based Yokogawa. Dragos has […]
