Hackers compromised computer systems at a petrochemical plant in Saudi Arabia last August, aiming to not only destroy or steal data but to cause a deadly explosion, investigators and cybersecurity experts told The New York Times, adding that they fear that the perpetrators could try to replicate such an attack in other countries because the compromised systems are used in thousands of industrial plants worldwide.
Investigators—who include a team from the maker of the compromised systems, as well as the FBI, the National Security Agency, the Department of Homeland Security, and teams of cybersecurity experts—have declined to name either the company whose petrochemical plant was a target of the August attack in Saudi Arabia or the country in which that company is based. They have not identified the culprits either, the NYT reports.
Investigators and cybersecurity experts believe a nation-state was most likely responsible for the attack on the plant in Saudi Arabia in August, because the hackers had resources and plenty of time and the computer code had not been anything like in previous cyberattacks, the NYT’s sources say.
Back in August, the only thing that prevented the attack from being successful and causing physical damage was a bug in the hackers’ computer code that had inadvertently shut down the plant’s systems. According to investigators and experts who spoke to the NYT, the attackers have probably fixed their flawed code by now and could try again a similar attack against another industrial plant.
The compromised system was Schneider Electric’s Triconex controllers, which perform tasks such as regulating voltage, temperatures, and pressure, maintaining safe operations of the system.
According to Schneider Electric’s website, more than 18,000 Triconex safety systems have been delivered to over 80 countries. These controllers are used in oil refineries, water treatment facilities, nuclear plants, and chemical plants, among others.
“If attackers developed a technique against Schneider equipment in Saudi Arabia, they could very well deploy the same technique here in the United States,” James A. Lewis, a cybersecurity expert at the Washington-based think-tank Center for Strategic and International Studies, told the NYT.
News source: Link