The United States on Friday imposed an economic embargo against a Russian government research organization responsible for a potentially fatal cyber attack on a Saudi petrochemical facility in 2017.
The sanctions did not name the target, but the attack they described matches the hacking that year of the Saudi Arabian giant Petro Rabigh, which shut down safety systems used to prevent explosions. The attackers might have succeeded had a mistake in their code not shut the plant down.
Private cybersecurity researchers have called the group that carried out the attacks “the most dangerous threat activity known publicly.”
According to the sanctions, Russia’s State Research Center of the Russian Institute of Chemistry and Mechanics created custom tools used in the attempted hacking of at least 20 electric facilities in the United States, along with the 2017 attacks on oil facilities in the Middle East. Officials said the tools had “the potential for physical harm and loss of life.”
The Russian embassy did not immediately respond to a request for comment.
The first attack, on Petro Rabigh in August 2017, compromised industrial controllers made by Schneider Electric, which keep equipment operating safely by regulating voltage, pressure and temperature. Russian hackers used their access to shut down the safety locks in those controllers, leading investigators to believe that the attack was likely intended to cause an explosion that would have killed people.
The case prompted an investigation by the National Security Agency, the FBI, the Department of Homeland Security and the Pentagon’s Defense Advanced Research Projects Agency, as well as investigators at Schneider, the Mandiant security team at the security firm FireEye, and Dragos, a security firm focused on the safety of industrial controls.
“Obviously invoking attacks on industrial control systems is very important,” said Nathan Brubaker, a senior analyst at Mandiant, who first linked the attacks to the Russian research lab in 2018. “The longer you let this activity run, the more likely it becomes really dangerous when you are talking about systems that are important to human life.”
Schneider controllers are used in more than 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants.
“Such a system provides for the safe emergency closure of industrial processes in critical infrastructure facilities,” Treasury Department officials said in their statement on Friday, announcing the sanctions.
After the cyberattack on Petro Rabigh, private investigators caught the same group targeting energy companies in Northern Europe and conducting digital drive-bys of more than a dozen electric companies in the United States, looking for ways to gain access to their systems.
“They are not only sophisticated, but they are the only actors who have tried to cross the line in killing people,” said Robert M. Lee, the chief executive officer of Dragos. “Not only did they demonstrate ability but intended to hurt people, which no other actor did.”
The sanctions came days after the Department of Justice brought charges against six Russian military intelligence officers accused of aggressive cyberattacks on the 2017 French elections, the 2018 Winter Olympics and the power grid in Ukraine, as well as another attack in 2017 that hit companies such as Merck, Mondelez, FedEx and Pfizer and caused billions of dollars of damage.
On Thursday, the FBI and the Cybersecurity and Infrastructure Security Agency accused the same Russian hackers who infiltrated the US power grid of hacking state and local systems, including some election support systems.
Federal prosecutors have publicly played down the timing of the indictments and sanctions, but some officials said privately that they were intended to send a clear message that US officials were looking closely at Russia’s information-warfare system ahead of the November 3 presidential election, whether it is preparing to hack election systems, deepen America’s political divisions or get inside the minds of voters.
The sanctions did not name the Russian hackers behind the attacks. As a result of Friday’s action, the Russian government-affiliated research center and those associated with it will have their assets in the United States frozen.
The sanctions also expose anyone who does business or conducts research with the center to similar penalties. “Internationally, no one is going to touch them anymore,” Mr. Lee said.