U.S. Issues Sanctions on Russian Center Involved in Potentially Deadly Cyberattacks
The penalties were aimed at a Russian research center that developed tools used in a cyberattack on a Saudi petrochemical plant, which took out the safety controls used to prevent an explosion.
The United States on Friday imposed economic sanctions against a Russian government research organization that was responsible for a potentially deadly cyberattack on a Saudi petrochemical facility in 2017.
The sanctions did not name the target, but their description of the attack matched a hack that year of Petro Rabigh, the Saudi oil giant, that shut off the safety systems that are used to prevent an explosion. The attackers might have succeeded had a mistake in their code not inadvertently shut down the plant.
Private cybersecurity researchers have called the group that pulled off the attacks “the most dangerous threat activity publicly known.”
According to the sanctions, Russia’s State Research Center of the Russian Institute of Chemistry and Mechanics built the custom tools used in a spate of 2017 attacks on oil facilities in the Middle East as well as attempted hackings of at least 20 electric facilities in the United States. The tools, officials said, had the “capability to cause significant physical damage and loss of life.”
The first attack on Petro Rabigh, in August 2017, compromised industrial controllers made by Schneider Electric, which keep equipment operating safely by regulating voltage, pressure and temperature. Russian hackers used their access to shut off the safety locks in those controllers, leading investigators to believe the attack was most likely intended to cause an explosion that would have killed people.
The episode prompted an investigation by the National Security Agency, the F.B.I., the Department of Homeland Security and the Pentagon’s Defense Advanced Research Projects Agency, as well as investigators at Schneider, the security firm FireEye’s Mandiant security team and Dragos, a security firm that specializes in industrial control security.
“Explicitly calling out attacks on industrial control systems is very important,” said Nathan Brubaker, a senior analyst at Mandiant, which first connected the attacks to the Russian research lab in 2018. “The longer you let this activity go, the more OK it becomes, which is really dangerous when you are talking about systems that are core to human life.”
Schneider controllers are used in more than 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants.
“Such systems provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect human life,” Treasury Department officials said in their statement on Friday announcing the sanctions.