FireEye accuses Russia of hacking Saudi chemical plant

Trition is the latest strand of malware to be attributed to Russia, as FireEye accuses a Moscow-based lab of cyber attacks

Putin peaking out of window

Cyber security firm FireEye has blamed Russia for creating a suite of destructive malware used to attack a Saudi energy plant last year.

FireEye has said the malware, known as Triton, could have led to the Saudi petrochemical plant exploding and that the perpetrators were working for a laboratory run by the Russian government.

The cyber security firm explained that it could assess with "high confidence" that the deployment of Triton was supported by Russia's Central Scientific Research Institute of Chemistry and Mechanics (CHIIHM). 

Its confidence is explained by the path it took to find the perpetrator, tracking them through IP addresses linked to the CNIIHM lab. That online behaviour and activity, according to FireEye, was "consistent with the Moscow time zone" where CHIIHM is located.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

On Twitter, the security company's director of intelligence, John Hultquist, said: "FireEye has linked the Triton incident that inadvertently shutdown a plant when the actors were trying to disable safety systems to a Russian government institute."

FireEye admitted that it is possible for the attack to have been carried out by a rogue employee from the lab, but said that it was highly unlikely and that it's almost certainly a state-sponsored attack.

The Triton malware is particularly dangerous as it is specifically designed to infect industrial control systems and is a framework for manipulating them. Its intended purpose is to destabilise the safety systems and protection monitors so hackers can cause all kinds of damage undetected.

The attack on the plant ultimately proved unsuccessful as the failsafe it targeted caused the plant to shut down. The hackers left few clues initially and the attack was first thought to be the work of Iran, given that it was a Saudi Arabian target.

However, FireEye has pointed the finger at Russia, which has recently been linked to a number of high-profile global cyber attacks.

Earlier this month the UK, the US and the Netherlands accused Russia of attacks on global organisations under the guise of the GRU. These attacks include leaking WADA emails containing details of football players that had applied for drug exemptions, ransomware known as "Bad Rabbit" and hacking the US elections in 2016.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020