The United States on Friday imposed economic sanctions on a Russian government research organization that was responsible for a potentially fatal cyber attack on a Saudi petrochemical plant in 2017.
The sanctions did not identify the target, but their description of the attack matched a hack that year of Saudi oil giant Petro Rabigh that disabled safety systems meant to prevent an explosion. The attackers may have managed to have a bug in their code that did not accidentally shut down the plant.
Private cybersecurity researchers have described the group that carried out the attacks as "the most dangerous publicly known threat activity".
According to the sanctions, the Russian State Research Center of the Russian Institute of Chemistry and Mechanics built the custom tools used in a spate of attacks on oil facilities in the Middle East in 2017, as well as attempted hacking attacks on at least 20 electrical facilities in the US. The tools, officials said, have the "ability to cause significant physical damage and death".
The Russian embassy did not immediately respond to a request for comment.
The first attack on Petro Rabigh in August 2017 compromised Schneider Electric's industrial controllers, which regulate voltage, pressure and temperature to ensure safe operation of the devices. Russian hackers used their access to disable the safety locks on these controllers, leading investigators to believe that the attack was most likely supposed to cause an explosion that would have killed people.
The episode led to an investigation by the National Security Agency, the FBI, the Department of Homeland Security and the Pentagon's Advanced Defense Research Agency, as well as investigators at Schneider, the Mandiant security team at the FireEye security firm, and Dragos, a security firm that specializes in industrial control security.
"It is very important to explicitly trigger attacks on industrial control systems," said Nathan Brubaker, senior analyst at Mandiant, who first linked the attacks with the Russian research laboratory in 2018. "The longer you do this activity, the better it becomes, which is really dangerous when you talk about systems that are central to human life."
Schneider controls are used in more than 18,000 plants around the world, including nuclear and water treatment plants, oil and gas refineries, and chemical plants.
"Such systems enable the safe shutdown of industrial processes in critical infrastructure facilities in an emergency to protect people's lives," said Treasury officials in their statement on Friday, in which they announced the sanctions.
In the aftermath of the cyberattack on Petro Rabigh, private investigators caught the same group, which had targeted energy companies in Northern Europe, doing digital drive-bys of more than a dozen US electricity companies to look for ways to gain access to their systems.
"Not only are you clever, but you're the only actor who has tried to break the line into killing people," said Robert M. Lee, Dragos executive director. "They showed not only the ability, but also the intention to hurt people, which no other actor had done."
The sanctions came days after the Justice Department unsealed charges against six Russian military intelligence officers accused of aggressive cyberattacks on the 2017 French elections, the 2018 Winter Olympics and Ukraine's electricity grids, as well as another 2017 attack on companies like Merck, Mondelez, FedEx and Pfizer that caused billions of dollars in damage.
On Thursday the F.B.I. and the Cybersecurity and Infrastructure Security Agency accused the same Russian hackers who broke into America's power grid of hacking state and local systems, including some election support systems.
The federal prosecutor's office has publicly downplayed the timing of the charges and sanctions, but some officials said privately they wanted to send a clear message that American officials are closely monitoring Russia's information war systems ahead of the November 3 presidential election to see if they are ready to hack electoral systems, reinforce America's political rifts or penetrate the minds of voters.
The sanctions did not name the Russian hackers behind the attacks. As a result of Friday's measures, any assets or real estate that Russia's government-affiliated research center and related individuals hold in the US will be frozen.
The sanctions also subject anyone doing business or doing research with the center to similar punishment. "Nobody at international level is going to touch them now," Lee said.