FireEye warns that a nation-state appears to be infiltrating critical-infrastructure sites and developing ways to cause physical damage
Online attackers infiltrated a critical-infrastructure network, compromising systems and deploying malware designed to manipulate a system that could have shut down industrial processes, security firm FireEye warned in an advisory published on Dec. 14.
FireEye did not identify the attacker or attribute the attack, which is dubbed TRITON, to any specific group, nor did it name the victim, but stated that evidence points to “a nation-state preparing for an attack.” The malware could have stopped the critical-infrastructure site’s systems from responding properly, leading to real-world damage, the company warned.
“The targeting of critical infrastructure to disrupt, degrade, or destroy systems is consistent with numerous attack and reconnaissance activities carried out globally by Russian, Iranian, North Korean, U.S., and Israeli nation state actors,” FireEye researchers stated in their analysis.
“Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency.”
Nation-states have become increasingly active in cyber operations.