Hackers, presumed to work for a nation-state, recently hacked a safety system at a critical infrastructure facility, halting operations, according to cybersecurity researchers.
The attack, disclosed by cybersecurity firm FireEye, targeted Triconex industrial safety technology from Schneider Electric SE. The intrusion prompted a security alert to users of Triconex, which is widely used in the energy industry, including oil and gas plants and nuclear facilities.
Although FireEye and Schneider declined to identify the victim, industry or location of the attack, cybersecurity firm Dragos claimed the hackers' target was in the Middle East. Another firm, CyberX, claimed the victim was in Saudi Arabia.
This is the first known incident of a safety system breach at an industrial plant, confirming fears that hackers have paid increasing attention to breaking into utilities, factories and other types of critical infrastructure. Such a compromise would let hackers shut them down, enabling the attackers to advance to attacking other parts of an industrial plant and potentially keeping operators from identifying and halting crippling attacks.
“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”
Using sophisticated malware, hackers managed to take remote control of a workstation running a safety shutdown system before reprogramming controllers used to identify safety issues. Some controllers entered a fail-safe mode, causing related processes to shut down.
In a customer security alert provided to Reuters by Schneider, the firm confirmed it was working with the US Department of Homeland Security to investigate the attack.
The alert read:
While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors.