Russian research institute hacked Saudi industrial facility, FireEye reports

The cybersecurity firm FireEye said the attack on a Saudi industrial facility was linked to Russia’s Central Scientific Research Institute of Chemistry and Mechanics in Moscow.

FireEye claims to have discovered evidence that proves the involvement of Russia’s Central Scientific Research Institute of Chemistry and Mechanics in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia.

FireEye said it linked the attack to the Russian Research Institute through clues such as IP addresses [87.245.143.140] and malware that revealed the online nickname of a hacker who worked for the lab.

The researchers also reported that computer code in the TRITON malware was written in Cyrillic and noted that the attackers kept Moscow working hours; these were all potential signs that the hackers were Russian.

TRITON (Trisis) is ICS malware designed to target Triconex Safety Instrumented System (SIS) controllers, which are often used in oil and gas facilities. The Triconex Safety Instrumented System is an autonomous control system that takes immediate action automatically if a dangerous state is detected.

Neither the Russian government nor the Russian research institute has responded to the FireEye report. Russia’s response is predictable, as the country has repeatedly denied such allegations from private cybersecurity firms in the past.

Recently the Department of Homeland Security and the FBI issued a joint report stating that the Russian government is targeting energy, nuclear and other critical systems.

The hackers behind Triton remain an active threat to critical infrastructure across the globe, as the malware is harmful and has the ability to cause severe, life-threatening damage to an organization or shut down its operations.
