
‘Most Dangerous’ Attack Group Shifts Focus To Electric Utilities

A cyber threat group known for targeting oil and gas facilities has now expanded its attention to electric utilities in the US and Asia-Pacific, researchers say.

The Xenotime group, which researchers say was behind an attempt to cause an explosion at a Saudi Arabian oil and gas installation in 2017, began probing electric utilities in late 2018, said US-based security firm Dragos.

“This behaviour could indicate the activity group was preparing for a further cyberattack, or at minimum satisfying the prerequisites for a future industrial control system (ICS)-focused intrusion,” Dragos said in an advisory.

It added that other groups targeting industrial systems are likely to follow suit and expand across multiple vertical sectors.

Disruption

Dragos, which specialises in ICS security, called Xenotime the “most dangerous threat” to industrial systems due to its willingness to “undermine fundamental process safety”, “placing lives and environments at great risk”.

In late 2017 researchers said the hacking group had infected a Saudi petrochemical plant with malware known as Triton or Trisis, which aims to disrupt safety systems.

It was the first time an attack on ICS systems was known to have been intended to cause physical damage or loss of life.

Dragos said it detected the group’s expansion of focus in February, with scans of electrical utilities in the US and Asia-Pacific.

Scans

It said that so far none of Xenotime’s external scanning and research on electric utilities was known to have resulted in a successful intrusion.

Oil and gas companies remain at risk from Xenotime, Dragos said.

The group’s actions should be “a cause for deep concern given this adversary’s willingness to compromise process safety”, the security firm said.

It said companies operating such equipment should take precautions and work with governments and businesses in other sectors to improve security.

“The time to plan, implement, and enforce security standards and response processes in industrial environments is now,” Dragos said in its advisory.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
