

A disturbing new form of malware that targets industrial equipment has been discovered in the wild in what may be a serious state-sponsored attack.
Dubbed “Triton” by researchers at FireEye Inc., the malware is said to have already shut down the operations of a critical infrastructure organization in the Middle East and is continuing to be deployed by those behind it. The name of the company wasn’t disclosed, but the malware is said to target equipment sold by Schneider Electric SE that is used in oil and gas facilities.
Schneider Electric specializes in energy management and automation solutions, spanning hardware, software and services. In particular, the malware was designed to disable Schneider’s Triconex product line. The webpage for Triconex describes the offering as “safety instrumented systems” that provide “solutions to protect people, the surrounding communities and the environment, while keeping production operating safely and continuously, throughout the life of your assets.”
FireEye notes in its report that the attacker's targeting of Schneider’s safety instrumented system (SIS) suggests “an interest in causing a high-impact attack with physical consequences,” which it describes as an “attack objective not typically seen from cyber-crime groups.” Put more simply, whoever is behind the attack was looking to cause physical harm as opposed to trying to gain some sort of financial return.
Who did it is complete speculation at this point, but given that it’s known that the attack occurred in the Middle East, there are some likely contenders for victim and attacker. Earlier this year, the Gulf States and Egypt cut off diplomatic relations with Qatar over the country’s alleged links to Iran. The “Qatar Diplomatic Crisis” remains ongoing, so it’s possible the attack involved countries party to the dispute.
With the Triton malware now in the wild, FireEye recommends that asset owners consider segregating safety system networks from process control and information system networks, leveraging hardware features that provide for physical control of safety controllers, and taking a number of other steps to protect themselves from a Triton attack.