Hackers from the group Xenotime, which made news for compromising a Saudi oil facility in 2017, have now targeted American electrical utilities.
For the past several months, Xenotime has been probing power plants in the U.S., looking for vulnerabilities, according to a blog post by Dragos, the cybersecurity firm that first noticed Xenotime’s efforts. Though Dragos didn’t see any evidence that Xenotime had succeeded, the news is a troubling sign that our critical infrastructure could be taken down with some well-targeted keystrokes.
Slow and Steady
Xenotime is known for Triton, malware that can disable safety systems in power plants, nuclear facilities, and other facilities, according to the MIT Technology Review. That’s the code that Xenotime used to attack that Saudi oil plant after spending over a year searching for a way into the system.
And it’s that persistence that’s most troubling.
“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern,” reads the Dragos blog.
Dragos recommends that these power plants and other possible targets invest now in systems that will let them reclaim control from a successful hacker and quickly resume business as usual.
“Utilities, companies, and governments must work cooperatively around the world and across industrial sectors to jointly defend lives and infrastructure from the increasing scope and scale of offensive critical infrastructure cyber attack,” concludes the blog.
READ MORE: Hackers behind the world’s deadliest code are probing US power firms [MIT Technology Review]