Middle East Expected to See a Series of Cyber Attacks Disrupting Industrial Processes

Severity

High

Analysis Summary

“Russia and Iran are looking to conduct disruptive cyber-attacks on OT [operational technology] targets in the Middle East in a bid to disrupt industrial production.”, says FireEye, a major Security Solutions provider.

Experts are predicting that the operation will involve Triton malware that targets safety systems at industrial plants and destroys physical equipment.

State-sponsored or advanced persistent threat (APT) groups such as APT33, APT34, APT35 and APT39 are from Iran and their victims belong to every sector in the Middle East.

Recent Indicators of Compromise for the Triton malware are given below.

Impact

Disruption of Industrial processes

Indicators of Compromise

Malware Hash (MD5/SHA1/SH256)

• dc81f383624955e0c0441734f9f1dabfe03f373c
• 6c39c3f4a08d3d78f2eb973a94bd7718
• 437f135ba179959a580412e564d3107f
• b47ad4840089247b058121e95732beb82e6311d0
• 91bad86388c68f34d9a2db644f7a1e6ffd58a449
• 9c29c1ab56c939978ad6315d78571fa5
• 0face841f7b2953e7c29c064d6886523
• 1dd89871c4f8eca7a42642bf4c5ec2aa7688fd5c
• e98f4f3505f05bf90e17554fbc97bba9
• 97e785e92b416638c3a584ffbfce9f8f0434a5fd
• 288166952f934146be172f6353e9a1f5
• d6e997a4b6a54d1aeedb646731f3b0893aee4b82
• 27c69aa39024d21ea109cc9c9d944a04
• 66d39af5d61507cf7ea29e4b213f8d7dc9598bed
• f6b3a73c8c87506acda430671360ce15
• a6357a8792e68b05690a9736bc3051cba4b43227
• 4e5797312ed52d9eb80ec19848cadc95
• 2262362200aa28b0eead1348cb6fda3b6c83ae01
• 8b675db417cc8b23f4c43f3de5c83438
• 25dd6785b941ffe6085dd5b4dbded37e1077e222

Remediation

• Block the threat indicators at their respective controls.
• Keep all industrial equipment up-to-date and patched against all known vulnerabilities.