In the summer of 2017, a petrochemical plant in Saudi Arabia experienced a worrisome security incident that cybersecurity experts consider to be the first-ever cyberattack carried out with “a blatant, flat-out intent to hurt people.” The attack involved a highly sophisticated new malware strain called Triton, which was capable of remotely disabling safety systems inside the plant with potentially catastrophic consequences.

Luckily, a flaw in the Triton code triggered a safety system that responded by shutting down the plant. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As a result, employees of the plant and residents of the surrounding area could have been killed or injured.

Triton is almost certainly the work of state-backed hackers. While Iran was the initial suspect, later reports indicate that Russia may have been behind the attack.

Since Triton was first discovered, cybersecurity firms have uncovered more attacks involving malware with similar traits, designed to take over safety systems. Triton has not been spotted in other potentially destructive attacks, but cybersecurity experts believe it is only a matter of time before the murderous malware will rear its ugly head again.

Read more: Triton is the world’s most murderous malware, and it’s spreading