Feds Allege Destructive Russian Hackers Targeted US Refineries

For years, the hackers behind the malware known as Triton or Trisis have stood out as a uniquely dangerous threat to critical infrastructure: a group of digital intruders who attempted to sabotage industrial safety systems, with physical, potentially catastrophic results. Now the US Department of Justice has put a name to one of the hackers in that group—and confirmed that their targets included a US company that owns multiple oil refineries.

On Thursday, just days after the White House warned of potential cyberattacks on US critical infrastructure by the Russian government in retaliation for new sanctions against the country, the Justice Department unsealed a pair of indictments that together outline a years-long campaign of Russian hacking of US energy facilities. In one set of charges, filed in August 2021, authorities name three officers of Russia’s FSB intelligence agency accused of being members of a notorious hacking group known as Berserk Bear, Dragonfly 2.0, or Havex, known for targeting electrical utilities and other critical infrastructure worldwide, and widely suspected of working in the service of the Russian government.

The second indictment, filed in June 2021, levels charges against a member of an arguably more dangerous team of hackers: a Russian group known variously as the Triton or Trisis actor, Xenotime or Temp.Veles. That second group didn’t merely target energy infrastructure worldwide but also took the rare step of inflicting real disruption in the Saudi oil refinery Petro Rabigh in 2017, infecting its networks with potentially destructive malware, and—the indictment alleges for the first time—attempting to break into a US oil-refining company with what appeared to be similar intentions. At the same time, a new advisory from the FBI cyber division warns that Triton “remains [a] threat,” and that the hacker group associated with it “continues to conduct activity targeting the global energy sector.”

Gladkikh and alleged co-conspirators at a Russian research institute are accused of being members of the uniquely dangerous Triton hacker group. Courtesy of FBI

The indictment of Evgeny Viktorovich Gladkikh, a staffer at the Moscow-based, Kremlin-linked Central Scientific Research Institute of Chemistry and Mechanics (typically abbreviated TsNIIKhM), charges him and unnamed co-conspirators with developing the Triton malware and deploying it to sabotage Petro Rabigh’s so-called safety instrumented systems, the equipment intended to automatically monitor for and respond to unsafe conditions. The hacking of those safety systems could have led to disastrous leaks or explosions but instead triggered a fail-safe mechanism that twice shut down the Saudi plant’s operations. Prosecutors also suggest that Gladkikh and his collaborators appear to have tried to inflict a similar disruption on a specific but unnamed US oil refining firm, but failed.

“Now we have confirmation from the government,” says Joe Slowik, a researcher at security firm Gigamon who analyzed the Triton malware when it first appeared and has tracked the hackers behind it for years. “We have an entity that was playing around with a safety-instrumented system in a high-risk environment. And to try to do that not just in Saudi Arabia, but in the United States, is concerning.”

The indictment alleges that in February 2018, just two months after the Triton malware deployed at Petro Rabigh had been discovered by cybersecurity firms FireEye and Dragos, staffers at TsNIIKhM began researching US refineries, seeking out US government research papers that could detail which US refineries had the most capacity, the potential effects of fires or explosions at those facilities, and their vulnerability to nuclear attacks or other disasters.
