Email
Password
Remember meForgot password?
    Log in with Twitter

article imageHighly dangerous hacking group targeting U.S. electric grid

By Karen Graham     Jun 14, 2019 in Internet
Xenotime, a group of hackers that has previously targeted oil and gas companies, has been targeting the U.S. electric grid in recent months, according to new research released Friday by cybersecurity group Dragos.
Xenotime, the hacking group in question executed one of the most reckless cyberattacks in history—one that could have had easily turned destructive or even lethal in 2017 - infecting the safety systems of a Saudi petrochemical plant with highly specialized, life-threatening malware.
For several months, now, power grid-focused security analysts at the Electric Information Sharing and Analysis Center. or E-ISAC and the critical infrastructure security firm Dragos Inc. has been tracking the hacker group. The non-public alert was sounded on March 1.
Dragos reported that Xenotime began "probing" the networks of electric utilities in both the U.S. and countries in the Asia-Pacific region in late 2018, according to The Hill.
The report noted that none of the probes resulted in the group gaining access to an electric utility’s system, but wrote that “the persistent attempts and expansion in scope is cause for definite concern.” The group has been carrying out broad scans of dozens of US power grid targets, trying to find a way in.
Untitled
absentmindedprof
Xenotime is sometimes known as the Triton actor, after their signature malware. Triton was designed and deployed to manipulate industrial safety systems; specifically, it aimed at systems with the privilege to issue emergency shutdowns over industrial processes, according to Securicon.
The malware consists of two main modules documented by FireEye: trilog.exe and library.zip. Trilog.exe was the main executable that utilized the library.zip, which comprised a custom communication library used to interact with the Triconex controllers.
The malware is very sophisticated. While moving through the target network, the threat actors utilize many techniques to hide their activities such as: Renaming their files to appear legitimate, utilizing native Microsoft Windows tools like RDP and WinRM, and modifying timestamps of their files to blend in with the copious number of files in their payload directories.
Doing this gives the hackers an added layer of protection rendering security measures completely ineffective. Additionally, the Xenotime group is able to switch gears from hacking oil companies to electric utilities making the dramatic change significant, experts say.
There is no sign that the hackers are getting anywhere close to breaking into the U.S. power grid. But the mere fact that such a notoriously aggressive group has turned its sights on the US grid merits attention, says Joe Slowik, an industrial control systems-focused security researcher at Dragos who has tracked Xenotime, reports Wired.com.
More about US Electric grid, Hackers, Xenotime, Dragos Inc, Triton malware
 
Latest News
Top News