Skip to main content

Hackers shutdown Servers of Gas and Oil Companies, including some Industrial Factories.

By Editor

Automated Publishing Via Osuta Yusuf Robot Trigger.

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware.

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia.

TRITON, also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric which are often used in oil and gas facilities.

Triconex Safety Instrumented System is an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically if a dangerous state is detected.

Since malware of such capabilities can't be created by a computer hacker without possessing necessary knowledge of Industrial Control Systems (ICS), researchers believe with "high confidence" that Moscow-based lab Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM, a.k.a ЦНИИХМ) helped attackers, dubbed "TEMP.Veles," with institutional knowledge develop the TRITON framework and test its components in a targeted environment.

In a blogpost published earlier today, FireEye uncovered various attribution clues that connect the development and testing activities of Triton malware to the Russian government, CNIIHM and a former professor at CNIIHM.

"An IP address [ 87.245.143.140] registered to CNIIHM has been employed by TEMP.Veles for multiple purposes, including monitoring open-source coverage of TRITON, network reconnaissance, and malicious activity in support of the TRITON intrusion," FireEye wrote while pointing out evidence.

Moreover, behavior patterns observed in the TEMP.Veles group activity are also consistent with the Moscow time zone, where the CNIIHM institute is located.

Though CNIIHM researchers possess experience in critical infrastructure and the development of weapons and military equipment, FireEye did not claim or has any evidence if the institute was also involved in deploying the Triton malware in the wild.

"Some possibility remains that one or more CNIIHM employees could have conducted the activity linking TEMP.Veles to CNIIHM without their employer’s approval. However, this scenario is highly unlikely," FireEye researchers concluded.

Neither Russian government nor the CNIIHM institute has responded to the FireEye report, though we can predict Russia's response, as the country has repeatedly denied such allegations from private cybersecurity firms in the past.

What's concerning is that the hackers behind Triton remained an active threat to critical infrastructure across the globe, as the malware has the ability to cause severe, life-threatening damages to an organization or shut down its operations.

Comments

Post a Comment

Popular posts from this blog

UGANDA ELECTORAL COMMISSION TO ELIMINATE NATIONAL IDENTIFICATION CARDS (IDs) FOR 2021 GENERAL ELECTIONS.

By Editor
The elimination of using National IDs (Ndagamuntu) for the 2021 elections should not have come as a surprise. One would be very NAIVE to think that Bobi Wine has not prepared for this in his Business Plan under the RISK section. It is public knowledge that our EC is not independent.  It is also public knowledge that Military Dictator Yoweri Museveni will never lose an election. What stunned us this morning is when we noticed that on social media, people were mocking Bobi with his "get your Ndagamuntu".  We are on record for saying to all Our readers that the National ID is like Apartheid in South Africa. Students of History would know how those IDs were being used to arrest people, deny them jobs, deny them basic services. Consequently, Bobi was not wrong and will never be wrong on the Ndagamuntu. Except the ones attacking him and mocking him forget that in Uganda, now, no National ID (Ndagamuntu), no service.  If you have not been denied registering your child i...
Post a Comment
Read more

President Museveni Praises Soldiers for Torturing Bobi Wine in Arua on August 2018.

By Editor
        President Museveni at the passout of police officers in Masindi Friday https://www.facebook.com/1829407613953796 President Museveni has praised his Special Forces Command [SFC] guards for properly and legally beating National Unity Platform [NUP] presidential flagbearer, Robert Kyagulanyi aka Bobi Wine. “The other day, there was a fracas in West Nile where our young friend Bobi Wine was fighting security people,” Museveni said Friday while passing out police recruits at Kabalye Training School in Masindi district. “I think they beat him a bit and then they came and said a Member of Parliament has been beaten. I said let me study and see how he was beaten. I found the man had been beaten in the right way,” Museveni explained. “This was because…I think this was SFC people who are not police-minded. They are used to doing other things. But somehow they managed to act properly, I was surprised.” When they [SFC] went where this young man was in the room, he had ca...
Post a Comment
Read more

Here is Why Our Utterances For Praying Jesus And God To Come Liberate Ugandans, May Be Misplaced. This Phrase is like inform of a Letter To Some Categorized Section Of Ugandans.

By Editor
https://m.facebook.com/yusufosuta/photos/a.1896701010557789/2070383359856219/?type=3 OPEN LETTER TO NRM SUPPORTERS - NATIONAL ROBBERS MOVEMENT. .................................................................................. Last week of March, a friend told me to pray for Uganda.  I told him that he was an Idiot and we have prayed for too long and we are still hungry and sick and Jesus is not coming soon to liberate us. He then ignored the STUPID and sent me a picture we all now know.  It got me totally messed up.  This guy was telling me to pray then sends a picture of men bowing down in blood.  He might have meant guns but I blocked him because his utterances of praying for Uganda were misplaced. I unblocked him 3 weeks later and asked him about praying and assassinations.  His reply "eithrr prayers or guns or both". I hate violence with a passion.  So he is now blocked in like FOREVER. Do you feel safe?  Do not feel safe. Uganda regim...
Post a Comment
Read more