Attackers use TRITON malware to target industrial control systems (ICS)


Security researchers from FireEye and Dragos have discovered a nasty piece of malware targeting industrial control systems (ICS).

The malware (called “TRITON” and “TRISIS”) was discovered after it was used against a victim in the Middle East, where it unintentionally led to an automatic shutdown of the industrial process.

TRITON has been specially designed to target Schneider Electric’s Triconex Safety Instrumented System (SIS), which is an autonomous control system that individually monitors the status of the process under control.

FireEye researchers said:
“If the process exceeds the parameters that define a hazardous state, the SIS attempts to bring the process back into a safe state or automatically performs a safe shutdown of the process. If the SIS and DCS (Distributed Control System) controls fail, the final line of defense is the design of the industrial facility, which includes mechanical protections on equipment (e.g. rupture discs), physical alarms, emergency response procedures and other mechanisms to mitigate dangerous situations.”

The TRITON malware is intended to reprogram the SIS controllers with an attacker-defined payload. Some of those controllers entered a failed safe state, which led to the shutdown of the industrial process.

While Dragos researchers did not want to speculate on who was behind this attack, FireEye has said that the targeting of critical infrastructure, the attacker’s persistence, the lack of any clear financial motive and the technical resources needed to create the attack framework suggest a well-resourced nation-state actor.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
