Schneider Electric said that hackers had exploited a flaw in its software in a watershed incident discovered last month that halted plant operations at an industrial facility.
News of the breach surfaced on 14 December when cyber security firms disclosed that hackers, likely working for a nation state, had invaded one of Schneider's Triconex safety systems. Neither Schneider nor cyber experts have identified the victim.
Schneider initially told customers it believed the hack did not exploit a bug in the Triconex system. The system is used in nuclear facilities, oil and gas plants, mining, water treatment facilities and other plants, to safely shut down industrial processes when hazardous conditions are detected.
While the victim's identity is unknown, one cyber security firm, Dragos, has said it occurred in the Middle East. Others have speculated it was in Saudi Arabia.
The attack drew intense scrutiny because it is the first report of a breach of the system for safely shutting down an industrial plant when adverse conditions are detected.
Cyber experts have identified it as a watershed incident because it demonstrates how hackers might cause physical damage to a plant, or even kill people, by shutting down safety systems before attacking industrial processes.
Schneider said in a customer advisory released on Thursday that hackers had exploited a previously unknown vulnerability in a small number of older versions of Triconex software that allowed them to install a remote-access Trojan as "part of a complex malware infection scenario."
The advisory urged customers to follow previously recommended protocols for securing Triconex systems, which it said would have blocked the attack.
The malware is capable of scanning and mapping an industrial network to provide reconnaissance, and can also give hackers remote control over those systems, the advisory says.
Schneider said it was developing tools to identify and remove the malware, which are expected to be released in February.
The company plans to release a software update to fix the security bug, Schneider's Global Cyber Security Architect Paul Forney said in an interview on the sidelines of the S4 security conference in Miami Beach, Florida. He declined to say when it would be available.
Forney discussed the malware in a Thursday morning session at S4.
One of Schneider's rivals, ABB Ltd, last month urged its customers to look out for attacks, saying that hackers might use similar approaches to target any type of safety system.
(Editing by Andrea Ricci and Bernadette Baum)
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.