The US Sanctions Russians for Potentially ‘Fatal’ Malware

When mysterious hackers triggered the shutdown of a Saudi Arabian oil refinery in August of 2017, the subsequent investigation found that the malware used in that attack had unprecedented, uniquely lethal potential: It was intended to disable safety systems in the plant designed to prevent dangerous conditions that could lead to leaks or explosions. Now, three years later, at least one Russian organization responsible for that callous cyberattack is being held to account.


Today the US Treasury imposed sanctions on Russia's Central Scientific Research Institute of Chemistry and Mechanics, the organization that exactly two years ago was revealed to have played a role in the hacking operation that used that malware known as Triton or Trisis, intended to sabotage the Petro Rabigh refinery's safety devices. Triton was designed specifically to exploit a vulnerability in the Triconex-branded "safety-instrumented systems" sold by Schneider Electric. Instead, it triggered a failsafe mechanism that shut down the Rabigh plant altogether.


The sanctions effectively cut off the institution from doing business in or with the US. They also represent the first government statement holding Russia—or any other country—responsible for that potentially destructive attack, only the third-known malware ever to have appeared in the wild that directly interacted with industrial control systems. And although Triton malware is only publicly known to have been deployed against that Saudi Arabian target, Treasury secretary Steve Mnuchin's statement announcing the new sanctions made clear that the message is meant to deter any similar attack against US i ..