Triton, a new malware that affects industrial infrastructure
A new piece of malware designed to attack industrial control systems has been identified at an industrial facility that, according to some sources, is located somewhere in the Middle East. For security reasons, neither the type of industry nor the location has been revealed; however, cybersecurity company CyberX believes it is located in Saudi Arabia.
The malware affected the security software Triconex, which is owned by Schneider Electric and is aimed at nuclear and oil and gas facilities. The malware, named Triton, Trisis, or HatMan by different companies, was intended to modify certain industrial controllers. During the attack, however, some of them entered "test mode", completely shutting down the plant where they operate, possibly because of a malfunction or a programming error in the malware. This alerted the operators in charge of the security of the industrial plant, in this case the cybersecurity company FireEye.
Following the discovery of the malware, Schneider Electric alerted users of its Triconex software to take precautionary measures. At the moment the origin of the attack is unknown, although it is suspected to have been orchestrated by a group of "hackers" linked to some government. As such, this attack can be regarded as part of, or as evidence of, a cyberwar.
- 14/12/2017 fireeye.com Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
- 14/12/2017 thehackernews.com TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage
- 14/12/2017 dragos.com TRISIS Malware Analysis of Safety System Targeted Malware
- 15/12/2017 certsi.es Malware detected affecting Schneider Electric's Triconex Tricon safety shutdown system
- 18/12/2017 hipertextual.com Hackers manage to attack the safety system of an industrial plant
- 18/12/2017 ics-cert.us-cert.gov MAR-17-352-01 HATMAN—SAFETY SYSTEM TARGETED MALWARE
- 18/12/2017 ics-cert.kaspersky.com TRITON attack. Comment by Kaspersky Lab ICS CERT expert