Attackers use TRITON malware to target industrial control systems (ICS)

Security researchers from FireEye and Dragos have discovered a nasty piece of malware targeting industrial control systems (ICS).

The malware (called “TRITON” and “TRISIS”) was discovered after it was used against a victim in the Middle East, where it unintentionally led to an automatic shutdown of the industrial process.

TRITON has been specially designed to target Schneider Electric’s Triconex Safety Instrumented System (SIS), which is an autonomous control system that independently monitors the status of the process under control.

FireEye researchers said:
“If the process exceeds the parameters that define a hazardous state, the SIS attempts to bring the process back into a safe state or automatically performs a safe shutdown of the process. If the SIS and DCS (Distributed Control System) controls fail, the final line of defense is the design of the industrial facility, which includes mechanical protections on equipment (e.g. rupture discs), physical alarms, emergency response procedures and other mechanisms to mitigate dangerous situations.”

The TRITON malware is designed to reprogram the SIS controllers with an attacker-defined payload. Some of those controllers entered a failed safe state, which led to the shutdown of the industrial process.

While Dragos researchers did not want to speculate on who was behind this crime, FireEye has said that the targeting of critical infrastructure, together with the attacker’s persistence, the lack of any clear financial motive and the technical resources necessary to create the attack framework, suggests a well-resourced nation-state actor.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
