Updated Jun 2, 2018

Hacking group targets industrial safety systems


A hacking group known as XENOTIME, which shut down an industrial plant in the Middle East last year, is expanding its targets and could launch destructive attacks on the safety components of industrial control systems, the cybersecurity firm Dragos reports in a blog post.

Why it matters: Such attacks could affect operations at nuclear, chemical, and other industrial plants, and death or physical harm could be either a goal or an acceptable outcome of the attacks. Per Dragos, "XENOTIME is easily the most dangerous threat activity publicly known ... which can lead to scenarios involving loss of life and environmental damage."

What we know: XENOTIME "is presently operating in multiple facilities targeting safety systems," according to Dragos.

"It is the only activity group intentionally compromising and disrupting industrial safety instrumented systems."
— Dragos on XENOTIME

What we don’t know: Where those facilities are, which systems are being targeted, and which country may be behind the group.

The original attack: Dragos and FireEye published a report in December 2017 chronicling XENOTIME's attack on Schneider Electric’s Triconex safety instrumented system using both custom malware and credential-gathering tools. The operation didn’t play out as planned because of a misconfiguration.

  • What to watch, per Dragos: “As XENOTIME matures, it is less likely that the group will make this mistake in the future.”