![\"refinery\"](\"https:\/\/techcrunch.com\/wp-content\/uploads\/2019\/04\/refinery.jpg?w=730&crop=1\")
A highly capable hacker group reportedly behind a failed plot to blow up a Saudi petrochemical plant has now been found in a second facility.<\/p>\n<\/u>Han sido hallados \u201crastros\u201d de otro ataque cibern\u00e9tico del malware \u201cTriton\u201d a una instalaci\u00f3n industrial aut\u00f3noma, del \u00e1rea Petroqu\u00edmica en Arabia Saudita. Este ataque de hackers orientados al ciberterrorisrmo \/ cibervandalismo, normalmente realiza sus acciones ingresando maliciosamente a los sistemas de control completamente aut\u00f3nomos, con que hoy operan las modernas plantas industriales, provocando\u00a0 severos da\u00f1os\u00a0y hasta destrucci\u00f3n de los citados sistemas, con las consecuencias imaginables en los procesos, en la infraestructura y en la\u00a0 seguridad.<\/p>\n
A highly capable hacker group reportedly behind a failed plot to blow up a Saudi petrochemical plant has now been found in a second facility.<\/p>\n
FireEye\u00a0<\/a>\u00a0researchers said it found traces of the so-called Triton group in another\u00a0unnamed \u201ccritical infrastructure\u201d facility. The group\u2019s eponymous\u00a0malware, previously\u00a0linked to the Russian government<\/a>, is designed to burrow into a target\u2019s networks and sabotage their industrial control systems, often used in power plants and oil refineries to control the operations of the facility.<\/p>\n By compromising these controls, a successful attack can cause significant disruption \u2014 even destruction.<\/p>\n The company was tight-lipped on the intrusion at the second facility, declining\u00a0to describe the type of facility or its location \u2014 or even the year of the attack.<\/p>\n \u201cWe assess the group was attempting to build the capability to cause physical damage at the facility when they accidentally caused a process shutdown that led to the Mandiant investigation,\u201d said Nathan Brubaker, senior manager, analysis at FireEye, in an email to TechCrunch describing the first incident.<\/p>\n Brubaker declined to comment on the motives of the second facility.<\/p>\n FireEye\u2019s latest research revealed more about how the hackers work. Their findings showed the hackers could spend close to a year after their initial compromise of a facility\u2019s network before launching a deeper assault, taking the time to prioritize their understanding of how the network looked and how to pivot from one system to another. The hackers\u2019 goal is to quietly gain access to the facility\u2019s safety instrumented system, an autonomous monitor that ensures physical systems don\u2019t operate outside of their normal operational state. These critical systems are strictly segmented from the rest of the network to prevent any damage in the event of a cyberattack.<\/p>\n By gaining access to the critical safety system, the hackers focused on finding a way to effectively deploy\u00a0Triton\u2019s\u00a0<\/a>\u00a0payloads to carry out their mission without causing the systems to enter into a safe fail-over state.<\/p>\n