Russia, which has been known to target big industries in the past, has been blamed for the attack on critical infrastructure, including a Saudi petrochemical plant. The attacks were carried out in 2017 and used the malware strain Triton, or Trisis, which was discovered in September 2017. The malware is specifically designed to interact with Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers. It allows the attacker either to shut down production processes or to let SIS-controlled machinery operate in an unsafe manner. The group behind the malware, which has been named TEMP.Veles, is believed to be working with the Central Scientific Research Institute of Chemistry and Mechanics (CNIHM), a government-owned technical research institute located in Russia. Researchers believe that CNIHM was part of the attacks, based on evidence from secondary malware that linked CNIHM to attacks that were previously carried out.

Russia has always been at the forefront of attacks on critical systems, whether in the power industry, the water industry, or a petrochemical plant, and it is likely that Russia will continue to target critical systems in future attacks to gain control over them.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia’s invasion of Ukraine increased