Skip to Content
Computing

Hackers behind the world’s deadliest code are probing US power firms

June 14, 2019
Power lines
Power linesJustin Sullivan / Stringer

A group called Xenotime, which began by targeting oil and gas facilities in the Middle East, now has electrical utilities in the US and Asia in its sights.

The news: Industrial cybersecurity firm Dragos says it has uncovered evidence that Xenotime has been laying the early groundwork for potential attacks on power companies in the US and elsewhere. The hackers have been testing password defenses and trying to steal login credentials from employees since the end of 2018.

Safety threat: Xenotime is the group behind Triton—code that can disable safety systems that are the last line of defense against serious industrial accidents. The malware was discovered in a Saudi petrochemical plant in 2017 before it could cause any damage. Cybersecurity experts say it can be used to attack safety controls in everything from dams to nuclear power plants.

The good news: Dragos believes the probing of US and Asian targets is still at a very early stage, and the firm hasn’t found any sign—so far—that the Xenotime group has been able to penetrate systems and introduce the Triton malware.

The not-so-good news: The hackers, who some security experts suspect may be linked to the Russian government, are patient and persistent. They spent more than a year worming their way into the Saudi plant’s systems and putting the Triton malware in place.

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

Algorithms are everywhere

Three new books warn against turning into the person the algorithm thinks you are.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.