Triton, a new malware that affects industrial infrastructure


New malware designed to attack industrial control systems has been identified at an industrial facility that, according to some sources, is located somewhere in the Middle East. For security reasons, neither the type of industry nor the location has been revealed; however, the cybersecurity company CyberX believes it is located in Saudi Arabia.

The malware affected Triconex, security software owned by Schneider Electric and aimed at nuclear and oil and gas facilities. Different companies have named the malware Triton, Trisis, or HatMan. Its objective was to modify certain industrial controllers. During the attack, however, some of them entered "test mode", completely shutting down the plant where they operate, possibly because of a malfunction or a programming error in the malware. This alerted the operators in charge of the security of the industrial plant, in this case the cybersecurity company FireEye.

Following the discovery of the malware, Schneider Electric alerted users of its Triconex software to take precautionary measures. At the moment the origin of the attack is unknown, although it is suspected to be an act orchestrated by a group of "hackers" linked to some government. As such, this attack can be regarded as part of, or as proof of, a cyberwar.