Hackers behind the world’s deadliest code are probing US power firms

A group called Xenotime, which began by targeting oil and gas facilities in the Middle East, now has electrical utilities in the US and Asia in its sights.
The news: Industrial cybersecurity firm Dragos says it has uncovered evidence that Xenotime has been laying the early groundwork for potential attacks on power companies in the US and elsewhere. The hackers have been testing password defenses and trying to steal login credentials from employees since the end of 2018.
Safety threat: Xenotime is the group behind Triton—code that can disable safety systems that are the last line of defense against serious industrial accidents. The malware was discovered in a Saudi petrochemical plant in 2017 before it could cause any damage. Cybersecurity experts say it can be used to attack safety controls in everything from dams to nuclear power plants.
The good news: Dragos believes the probing of US and Asian targets is still at a very early stage, and the firm hasn’t found any sign—so far—that the Xenotime group has been able to penetrate systems and introduce the Triton malware.
The not-so-good news: The hackers, who some security experts suspect may be linked to the Russian government, are patient and persistent. They spent more than a year worming their way into the Saudi plant’s systems and putting the Triton malware in place.
Deep Dive
Computing

Quantum computing has a hype problem
Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

These hackers showed just how easy it is to target critical infrastructure
Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.

Russia hacked an American satellite company one hour before the Ukraine invasion
The attack on Viasat showcases cyber’s emerging role in modern warfare.

Russia is risking the creation of a “splinternet”—and it could be irreversible
If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.
Stay connected

Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.