In August last year, a petrochemical company in Saudi Arabia was allegedly the target of a computer attack that was intended to cause an explosion. Thousands of factories worldwide reportedly run the same industrial control system.
The attackers allegedly targeted Schneider Electric’s Triconex Safety controllers. These controllers are used in industrial systems at 18,000 industries worldwide, where they must safely handle tasks involving voltage, pressure and temperature. In the August attack, the controllers are said to have been sabotaged from the outside for the first time.
According to researchers, the attackers managed to smuggle a piece of malware into the controllers that looked like legitimate code. Due to a programming error, the sabotage attempt failed and the production systems completely shut down. Researchers now fear that the attackers have improved their code and are capable of attacking other industries.
The case is being investigated by security firm Mandiant, a team from Schneider Electric, the NSA, FBI, Homeland Security and the Pentagon’s Defense Advanced Research Projects Agency, The New York Times reported, citing multiple sources familiar with the computer attack. It is not yet clear who is responsible for the attack. The NYT links it to previous computer attacks on Saudi petrochemical companies in 2017, which were allegedly intended to cause long-term damage.
Cyberscoop wrote about the attack at the beginning of this year; according to that site, the malicious code has been given the names Triton and Trisis. The malware is said to join the ranks of malware targeting industrial control systems, such as CrashOverride in Ukraine in 2016 and Stuxnet in Iran in 2010, but is more malicious because it specifically targets systems designed to protect people.