Hackers That Took Down Saudi Oil Site Probing US Power Grid

Xenotype has been probing utilities in the US and Asia-Pacific since late 2018, says cybersecurity firm Dragos.

Will Wade (Bloomberg) -- A group of hackers that shut down a Saudi Arabian oil and natural gas facility in 2017 is now targeting electric utilities, according to the cybersecurity company Dragos Inc.

The group, Xenotime, has been probing utilities in the U.S. and Asia-Pacific regions since late 2018, Hanover, Maryland-based Dragos said in a blog post Friday. They’ve focused mostly on electronic control systems that manage the operations at industrial sites, Dragos said.

U.S. officials have long warned grids are acutely vulnerable to cyber attacks. Disrupting a region’s electrical infrastructure could cause widespread chaos, triggering blackouts and crippling financial markets, transportation systems and more.

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern,” Dragos said in its post.

The blog said the attackers appear to be probing for weaknesses in the U.S power systems -- a step to be considered far less serious than an actual attack -- and there is so far no evidence of “a known, successful intrusion.”

Xenotime gained notice after a 2017 malware attack on a Saudi Arabian petrochemical facility, Dragos said. The attackers targeted safety systems to cause “loss of life or physical damage,” according to the blog post.

TAGS: Energy
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish