FireEye confirms another attack on critical infrastructure
Security firm FireEye disclosed some details Thursday of a recent attack on a critical infrastructure provider by what appears to be either a state actor or state-sponsored actors.
While it isn't sharing most of the details, FireEye is drawing attention to one key element unique to this attack. In this case, the malware in question was successful at defeating two systems, but in doing so appeared to inadvertently trip up another system, causing at least some interruption of service.
Why it matters: In many cases, nations may be trying to infiltrate key infrastructure to have a way in should they wish to attack, but aren't necessarily looking to do damage now. This incident shows in some cases they may be doing damage nonetheless.
"This proves getting into these systems can cause very real disruptions, even accidentally," said FireEye Director of Intelligence analysis John Hultquist. "This activity could be construed as sabotage by an adversary or even a military act of war. It could be completely unintentional."
The attack was against Triconex Safety Instrumented Systems, made by Schneider Electric, which also confirmed the issue, according to Reuters, which said the equipment is widely used in the energy industry, including at nuclear and oil and gas facilities.
What's not being shared: FireEye isn't saying what type of infrastructure was attacked, or even in which country it was located. (Reuters reported that two other security firms say the target firm was in the Middle East, with one saying Saudi Arabia.)