Xenotime: Hackers are behind two potentially lethal intrusions into industrial facilities in America, according to researchers at the security company Dragos.
The hacking group, named Xenotime, quickly gained international attention in 2017 when researchers reported that it had caused a dangerous operational shutdown at a critical infrastructure site in the Middle East. Researchers from Dragos have described the group as the world's most dangerous cyber threat ever since.
The most worrying thing about that attack was the use of previously unknown malware that targets a facility's safety instrumented systems (SIS). These systems are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from developing. When gas pressures or reactor temperatures reach potentially unsafe limits, for example, an SIS will automatically close valves or start cooling operations to prevent accidents that threaten health or life.
In April, FireEye reported that the SIS-tampering malware, known as Triton or Trisis, had been used in an attack on another industrial facility.
According to Dragos, Xenotime is performing network scanning and reconnaissance against networks in the US and other regions.
The activity comes in multiple forms. One is credential-stuffing attacks, which reuse credentials stolen in past, sometimes unrelated, breaches in the hope that they will also work against new targets. The other is network scanning, which enumerates the computers, routers and other devices connected to a network and lists the ports on which they accept connections.
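The two activities described above leave distinct traces in ordinary connection and authentication logs. The following added example, which is not part of the article and not Dragos's own tooling, flags a source that touches many distinct ports (a scan) and a source that fails logins against many distinct usernames (credential stuffing, as opposed to brute force against one account); the log lines and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log lines (not from the article). Two record kinds:
#   conn <src_ip> <dst_port> <flag>     and     auth <src_ip> <username> <result>
# Ports 102, 502 and 20000 are common ICS service ports (S7comm, Modbus, DNP3).
SAMPLE_LOGS = """\
conn 10.0.5.7 22 syn
conn 10.0.5.7 23 syn
conn 10.0.5.7 80 syn
conn 10.0.5.7 102 syn
conn 10.0.5.7 502 syn
conn 10.0.5.7 20000 syn
conn 10.0.8.3 443 syn
auth 198.51.100.9 admin fail
auth 198.51.100.9 operator fail
auth 198.51.100.9 engineer fail
auth 198.51.100.9 hmi fail
auth 198.51.100.9 maint fail
auth 10.0.8.3 operator ok
"""


def parse(text):
    """Turn the constructed log text into a list of event dicts; skips malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        kind, src, field, result = parts
        if kind == "conn":
            events.append({"kind": "conn", "src": src, "port": int(field), "result": result})
        elif kind == "auth":
            events.append({"kind": "auth", "src": src, "user": field, "result": result})
    return events


def find_port_scanners(events, threshold=5):
    """Sources that contacted at least `threshold` distinct ports (threshold is assumed)."""
    ports = defaultdict(set)
    for e in events:
        if e["kind"] == "conn":
            ports[e["src"]].add(e["port"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}


def find_credential_stuffing(events, threshold=4):
    """Sources with failed logins against at least `threshold` distinct usernames."""
    users = defaultdict(set)
    for e in events:
        if e["kind"] == "auth" and e["result"] == "fail":
            users[e["src"]].add(e["user"])
    return {src: sorted(u) for src, u in users.items() if len(u) >= threshold}
```

Counting distinct usernames per source, rather than attempts per account, is what separates credential stuffing from a single-account brute force in the output.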
So far, no one knows for sure who is behind Xenotime. Early suspicions pointed to hackers working on behalf of Iran. Last October, FireEye said with high confidence that Triton had been developed with the help of the Institute of Central Scientific Research in Chemistry and Engineering in Moscow. Russia has been linked to other critical infrastructure attacks, including one in December 2015 on infrastructure in Ukraine that left hundreds of thousands of people in the Ivano-Frankivsk region without electricity. That attack was the first known power outage caused by hackers. Almost exactly a year later, a second hack attributed to Russia again cut electricity in Ukraine.