(Bloomberg) — A group of hackers that shut down a Saudi Arabian oil and natural gas facility in 2017 is now targeting electric utilities, according to the cybersecurity company Dragos Inc.
The group, Xenotime, has been probing utilities in the U.S. and Asia-Pacific regions since late 2018, Hanover, Maryland-based Dragos said in a blog post Friday. They’ve focused mostly on electronic control systems that manage the operations at industrial sites, Dragos said.
U.S. officials have long warned grids are acutely vulnerable to cyber attacks. Disrupting a region’s electrical infrastructure could cause widespread chaos, triggering blackouts and crippling financial markets, transportation systems and more.
“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern,” Dragos said in its post.
The blog said the attackers appear to be probing for weaknesses in the U.S power systems — a step to be considered far less serious than an actual attack — and there is so far no evidence of “a known, successful intrusion.”
Xenotime gained notice after a 2017 malware attack on a Saudi Arabian petrochemical facility, Dragos said. The attackers targeted safety systems to cause “loss of life or physical damage,” according to the blog post.
–With assistance from Michael Riley.
To contact the reporter on this story: Will Wade in New York at firstname.lastname@example.org
To contact the editors responsible for this story: Lynn Doan at email@example.com, Joe Ryan, Pratish Narayanan