Early this morning the National Critical Infrastructure Security Operations Center (CI-SOC) and the Federal Bureau of Inquiry published an alert concerning an ongoing terrorist attacks on the industrial control systems at chemical manufacturing plants involved in the manufacturing of chlorine products. This is related to the recent attack on the NACL Industries plant in Blew Bayou, LA.
Gen Buck Turgidson told reporters this morning that, while the NACL Industries facilities was the only one to date that had had its control system equipment erased, there have been indications that similar attacks were underway at two other chloralkali facilities. “While we were not able to stop the destruction of the production processes at NACL Industries,” Turgidson said, “We have been able to prevent the terrorists from taking down two other facilities this week. Today’s alert goes out to all facilities that produce or handle chlorine in bulk. It provides indicators of compromise that will allow facilities to determine if their systems are currently under attack.”
Johnathan Quest, spokesperson for the FBI, told reporters that they had assessed that the known eco-terrorist group, Students for Immediate Neutralization of Chlorine Technology and Energy Reversion (SFINCTER), was behind the attack. “They have not publicly claimed responsibilities for these attacks,” he said, “But there are numerous similarities between theses attacks and earlier ones carried out by SFINCTER. The wiper program that they are using was written by the North Koreans, and we have been tracking recent contacts between SFINCTER and the DPRK.”
Ernest A. LeSueur, President of NACL Industries, had recently confirmed that the attack on their facility looked initially like a ransomware attack. “We did pay a $1 million ransom,” LeSueur said, “But when we applied the decryption key provided by the attackers, we were only able to regain access to our corporate IT network.”
Quest confirmed that the FBI was attempting to track the bitcoin wallets used in processing the ransomware payment. “We have confirmed that about 10% of the payment has been transferred to a bank account that had been used by the DPRK in Singapore, but that account was closed shortly after the money was deposited. We suspect that that was payment for the use of the malware used by SFINCTER.”
Dade Murphy, CTO of Dragonfire Cyber, told reporters at this morning’s news conference that researchers from his organization were quickly able to establish that the North Korean SMASHINGCOCONUT wiper program had been adapted to erase all software on the industrial control system’s equipment at the plant. “The control system was comprehensively erased,” Murphy explained, “Servers, HMIs, PLCs, even the firmware for motor controllers and sensors was erased.”
LeSueur explained that the production and maintenance staff were hard at work replacing devices where they were available and beginning the reprogramming process where necessary. “We are receiving a great deal of assistance from Robotron, both on site and remotely.”
Turgidson urged all chlorine related chemical process facilities to take a hard look at today’s alert. We have strong reason to suspect that SFINCTER is planning a comprehensive attack on the chloralkali industry as part of their anti-chlorine manifesto. “We know that they have successfully attacked one facility and were in the processes of attacking two other facilities in Texas and Alabama,” the General said, “Other facilities are certainly in their sights.”
No comments:
Post a Comment