Russia likely behind dangerous attack on Saudi energy plant: FireEye

WASHINGTON (Reuters) - A dangerous computer virus designed to destroy safety systems at industrial plants was likely developed by a Russian government-backed research institute, U.S. cybersecurity firm FireEye said on Tuesday.

It was the first time that Russia has been accused of developing the virus, dubbed Triton, which was used in a 2017 attack on safety systems at a Saudi energy plant that caused operations at the facility to shut down.

When the attack was first disclosed, FireEye and other firms said it was likely the work of a nation state but did not identify any suspects.

FireEye said the virus was developed with the help of Moscow’s Central Scientific Research Institute of Chemistry and Mechanics.

FireEye was hired by the victim to investigate the 2017 attack, in which Triton took remote control of a workstation running a safety system made by Schneider Electric SE. The virus sought to reprogram controllers used to monitor the plant for potential safety issues, causing some controllers to enter a fail-safe mode.

The claim suggests that Russia has moved from conducting probes and reconnaissance in industrial environments to developing viruses capable of causing destruction at such plants, said John Hultquist, director of intelligence analysis for FireEye.

“They’ve crossed red lines. The intent was always there. This shows they also have the capability to cause significant damage,” Hultquist said.

Technical details in the code of the Triton virus provided evidence as to who developed the malware and where it originated, according to a report released by FireEye.

The cybersecurity firm said it believed the hackers who deployed Triton remain active, as they have also conducted “network reconnaissance” against additional, unnamed targets.

Representatives from the Russian embassy in Washington could not be reached for comment.

Russia has repeatedly denied allegations from private cybersecurity firms, the United States and its allies that Moscow was responsible for a string of cyber attacks around the world.

Reporting by Christopher Bing; Editing by Jim Finkle and Bernadette Baum