The Triton malware was first identified 16 months ago by researchers from FireEye: it targets Triconex control systems from Schneider Electric, and was linked by FireEye to the Central Scientific Research Institute of Chemistry and Mechanics in Moscow.
Now, FireEye has published a report on a second instance of Triton being used in the field, this time to attack the safety instrumented systems (SIS) that use software and hardware to prevent power plants, refineries, and other large installations from exploding, venting toxic material, catching fire, etc.
The second example reveals that Triton attacks have been in the works since at least 2014, and surfaced an extensive toolsuite that gives more insight into how Triton's operators function.
The really frightening thing about this is the SIS targeting: that's the kind of thing that doesn't just shut down plants -- it renders them permanently inoperable, and possibly kills some or all of the people in them and near them.
The SIS attacks are a logical progression from Stuxnet and the Russian "Sandworm" attacks that got out of control and did $10B damage in 2018.
We now know the first incident wasn’t isolated. There are others. That is especially disconcerting given the danger associated with this threat, which we still know very little about. Though we’ve traced this back to the Russian institute we’re at a loss for explaining the motive here or whether even this is tied to some other country who might be contracting out with the institute.
We are releasing the tools and other information on this actor in the hopes that others will find them and we will all get a better handle on this emerging and disconcerting threat actor. We understand there’s some risk that the actor may go to ground. That may have already happened. After we released the blog on attribution in this case, the institute took operational security measures. They took down some of the information on their website and changed their WHOIS.
Hopefully, this is a first step in a global hunt for this actor that leads to some answers.
Mysterious safety-tampering malware infects a second critical infrastructure site [Dan Goodin/Ars Technica]
Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed a series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world.
For years, I've followed Andy Greenberg's excellent reporting on "Sandworm," a set of infrastructure-targeted cyberattacks against Ukraine widely presumed to be of Russian origin, some of which escaped their targeted zone and damaged systems around the world.
Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers.