Hackers halt operations at a plant in ‘watershed’ cyber attack


Hackers have managed to invade the safety system of an infrastructure facility in what analysts are calling a “watershed” cyber attack that halted plant operations, according to researchers.

Reuters reports that FireEye disclosed the incident Thursday, saying that the hackers, most likely working for a nation-state, targeted Triconex industrial safety technology from Schneider Electric SE.

Schneider confirmed the incident and said that it had issued a warning to customers of the technology, which is used in the power industry, at nuclear facilities, and at oil and gas installations.

None of the companies identified the specific target, its industry or the location of the attack. Two cybersecurity companies speculated that the victim was in Saudi Arabia or elsewhere in the Middle East.

Although hackers are increasingly focused on targeting utilities and other critical infrastructure, this incident marks the first report of a safety system breach at an industrial company by hackers, security experts told Reuters.


In these types of attacks, which experts fear could be used by nation-states or terrorist groups, hackers may be able to disable safety systems in advance of a broad attack.

The attack shows that plant safety systems “could be fooled to indicate that everything is in order” while hackers potentially harm a plant in the background, Galina Antova, co-founder of cybersecurity company Claroty, told Reuters.

“This is a turning point,” Sergio Caltagirone, head of threat intelligence with Dragos, added. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation with a Schneider Electric Triconex Tricon safety shutdown system, then sought to reprogram the controllers that are used to identify safety problems.

During the incident, some of the controllers entered a fail-safe mode, which caused related processes to shut down and led the plant to identify the attack, FireEye confirmed to Reuters.

Christopher Carbone is a reporter for Follow him on Twitter @christocarbone.
