Hackers target petrochemical plants in Middle East

Security researchers at IBM said they had uncovered a series of hacking attacks aimed at Middle Eastern petrochemical companies.

The researchers, at IBM’s Trusteer division, said the hackers were using a variant of financial malware known as Citadel, which was first discovered in 2012.

Citadel was originally engineered to steal victims’ banking credentials by capturing their keystrokes and taking computer screenshots. But the researchers said that hackers targeting petrochemical companies have altered Citadel to add more functions: to take complete control over a victim’s PC and allow hackers to gain access to a victim’s corporate network. They have also made modifications in the malware to evade antivirus products and traditional security controls.

Dana Tamir, director of enterprise market research for IBM’s Trusteer division, and Diana Kelley, the energy and utilities lead for IBM’s security systems, said their discovery was particularly disconcerting because petrochemical plants are a “high-impact, high-value target.” By hacking into a petrochemical plant, the attackers could gain access to manufacturing processes that would allow them to affect a product, or in a worst case, cause a chemical explosion.

Ms. Tamir and Ms. Kelley declined to name the victims of the attacks, citing an IBM corporate policy to privately notify victims but not name them publicly. They did say the targets included “one of the largest sellers of petrochemical products in the Middle East, a major distributor of petrochemical products in the Middle East and a regional supplier of raw petrochemical materials.”

The researchers said they had notified the victims and were analyzing the malware and its command and control center for clues to who was behind the attacks, but had yet to draw any conclusions. “It could be a nation-state or a highly organized cybercrime group,” Ms. Kelley said.

At this stage, she added, “We simply don’t know.”

Energy companies are increasingly a target for hackers. In June, researchers reported that Russian hackers had attacked more than 1,000 energy organizations in more than 84 countries since 2012. In many cases, researchers said, the method they used to hack companies also gave them the opportunity to seize control of industrial control systems, in much the same way that the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply.

© The New York Times 2014