Triton malware compromises critical infrastructure again
Cybersecurity researchers at FireEye have published a report describing a second intrusion by the actor behind the Triton malware: after the 2017 attack, Triton has been used again to compromise an undisclosed critical infrastructure facility.
Triton is built to move through the target's networks and tamper with its industrial control systems, and in particular with the safety instrumented systems (SIS) that are meant to bring a plant such as a power station or oil refinery into a safe state when something goes wrong; compromising those systems gives the attackers a way to interfere with facility operations.
FireEye's research also indicates that the attackers had been present in the victim's network for about a year before the attack, during which they mapped the network configuration and worked out how to pivot from one system to another.
References:
- 10/04/2019 fireeye.com TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping
- 10/04/2019 techcrunch.com The hacker group behind the Triton malware strikes again
- 10/04/2019 wired.com A Peek Into the Toolkit of the Dangerous Triton Hackers
- 10/04/2019 csoonline.com Group behind TRITON industrial sabotage malware made more victims
- 11/04/2019 zonavirus.com Second time the Triton malware has been used to blow up a petrochemical plant
- 12/04/2019 dailymail.co.uk Security experts warn hackers behind 'murderous malware' dubbed Triton are BACK and targeting 'critical infrastructure'
- 14/12/2017 incibe-cert.es Triton, a new malware that affects industrial infrastructure