The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.

Dragos, a firm that specializes in industrial cybersecurity, has released new research asserting that a hacker group responsible for deploying highly sophisticated, destructive malware to an industrial plant in the Middle East last year has begun to expand its operations beyond its initial targets.  

"This is no longer about data theft or business disruption. Someone can get hurt. It's about physical consequences," said Dan Scali, senior manager for FireEye's industrial control system security consulting practice.

Last week, researchers at Dragos released new details about a threat group they call Xenotime. They said the group has developed hacking tools to compromise and disrupt industrial safety instrumented systems — hardware and software controls that are used to ensure the safe operations of large-scale nuclear, chemical and other industrial plants and allow for emergency stops to take place. 

The group, whose origins are not publicly known, deployed malware to an industrial plant in the Middle East last year that specifically targeted Triconex safety systems manufactured by Schneider Electric. The attack caused the plant to shut down.

Now Dragos says that the actors have expanded their operations, making their way into networks of industrial organizations beyond the Middle East. The group has also demonstrated capabilities to potentially disrupt safety systems other than Triconex. 

The developments have raised concerns that Xenotime could be moving to carry out destructive attacks, such as triggering chemical explosions.