Hackers behind the world’s deadliest code are probing US power firms

Martin Gilesarchive page

June 14, 2019

Power linesJustin Sullivan / Stringer

A group called Xenotime, which began by targeting oil and gas facilities in the Middle East, now has electrical utilities in the US and Asia in its sights.

The news: Industrial cybersecurity firm Dragos says it has uncovered evidence that Xenotime has been laying the early groundwork for potential attacks on power companies in the US and elsewhere. The hackers have been testing password defenses and trying to steal login credentials from employees since the end of 2018.

Safety threat: Xenotime is the group behind Triton—code that can disable safety systems that are the last line of defense against serious industrial accidents. The malware was discovered in a Saudi petrochemical plant in 2017 before it could cause any damage. Cybersecurity experts say it can be used to attack safety controls in everything from dams to nuclear power plants.

The good news: Dragos believes the probing of US and Asian targets is still at a very early stage, and the firm hasn’t found any sign—so far—that the Xenotime group has been able to penetrate systems and introduce the Triton malware.

The not-so-good news: The hackers, who some security experts suspect may be linked to the Russian government, are patient and persistent. They spent more than a year worming their way into the Saudi plant’s systems and putting the Triton malware in place.

Deep Dive

Computing

Quantum computing has a hype problem

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

Sankar Das Sarmaarchive page

These hackers showed just how easy it is to target critical infrastructure

Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.