Hackers managed to invade the safety system of an infrastructure facility in what analysts are calling a “watershed” cyberattack that stopped plant operations, according to investigators.
Reuters reports that FireEye disclosed the incident on Thursday, saying that the hackers, likely working for a nation-state, targeted Triconex industrial safety technology from Schneider Electric SE.
Schneider confirmed the incident and said it had issued a security alert to customers of the technology, which is used in the energy industry at nuclear facilities and oil and gas plants.
Neither company identified the specific victim, industry or location of the attack. Two cybersecurity firms speculated that the victim was either in Saudi Arabia or generally somewhere in the Middle East.
Although hackers have increasingly focused on targeting utilities and other critical infrastructure, this incident marks the first reported breach of a safety system at an industrial plant by hackers, security experts told Reuters.
These types of attacks, which experts fear could be used by nation-states or terrorist groups, could allow hackers to turn off safety systems in advance of any broad attack.
The attack demonstrates that plant safety systems “could be fooled to indicate that everything is okay” when hackers are potentially damaging a plant in the background, Galina Antova, co-founder of cybersecurity firm Claroty, told Reuters.
“This is a watershed,” Sergio Caltagirone, head of threat intelligence with Dragos, added. “Others will eventually catch up and try to copy this kind of attack.”
In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex Tricon safety shutdown system, seeking to reprogram controllers used to identify safety issues.
During the incident, some of the controllers entered a fail-safe mode, which caused related processes to shut down and led the plant to identify the attack, FireEye confirmed to Reuters.