Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm

Evgeny Viktorovich Gladkikh tried to cause catastrophic damage to the Saudi oil refinery in 2017 via the Triton/Trisis malware, the US has alleged.

A 2021 indictment that was unsealed this week against a Russian national for allegedly attacking an oil refinery in Saudi Arabia in 2017 has provided a glimpse into the methodical — and sometimes chilling — a rigor that state-backed actors can put into breaching target networks and systems.

Details contained in the indictment also showed how actors can leverage their access to an organization’s IT network to make their way into OT networks and business-critical industrial control system environments.

The US government Thursday unsealed a three-count indictment charging Russian national Evgeny Viktorovich Gladkikh and unnamed co-conspirators for their role in a 2017 attack that twice triggered emergency shutdowns of an oil refinery in Saudi Arabia. Gladkikh and his partners are accused of attempting to cause physical damage to the energy facility and of intentionally damaging systems controlling critical safety equipment at the site. The indictment was one of two the US government unsealed this week. The second involved three Russian Federal Security Service officers who allegedly were behind a long-running series of cyberattacks against organizations in the energy sector.

Gladkikh’s attacks garnered considerable attention when they happened because they involved the use of malware — which some have dubbed Triton and others Trisis — specifically designed to cause catastrophic damage to an industrial plant. The malware targeted specific models of a safety instrumentation system (SIS) called Triconex from Schneider Electric that the plant was using at the time to monitor systems responsible for tasks like burn management and sulfur recovery. A malfunction of those systems could have resulted in explosions Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *