The Triton malware was first identified 16 months ago by researchers from Fireeye: it targets Triconex control systems from Schneider Electric, and was linked by Fireeye to the Central Scientific Research Institute of Chemistry and Mechanics in Moscow.
Now, Fireeye has published a report on a second instance of Triton being used in the field, this time to attack the safety instrumented systems (SIS) that use software and hardware to prevent power plants, refineries, and other large installations from exploding, venting toxic material, catching fire, etc.
The second example reveals that Triton attacks have been in the works since at least 2014, and surfaced an extensive toolsuite that gives more insight into how Triton's operators function.
The really frightening this about this is SIS targeting: that's the kind of thing that doesn't just shut down plants -- it renders them permanently inoperable, and possibly kills some or all of the people in them and near them.
The SIS attacks are a logical progression on Stuxnet and the Russian "sandworm attacks" that got out of control and did $10B damage in 2018.
We now know the first incident wasn’t isolated. There are others. That is especially disconcerting given the danger associated with this threat, which we still know very little about. Though we’ve traced this back to the Russian institute we’re at a loss for explaining the motive here or whether even this is tied to some other country who might be contracting out with the institute.
We are releasing the tools and other information on this actor in the hopes that others will find them and we will all get a better handle on this emerging and disconcerting threat actor. We understand there’s some risk that the actor may go to ground. That may have already happened. After we released the blog on attribution in this case, the institute took operational security measures. They took down some of the information on their website and changed their WHOIS.
Hopefully, this is a first step in a global hunt for this actor that leads to some answers.
Mysterious safety-tampering malware infects a second critical infrastructure site [Dan Goodin/Ars Technica]
Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed as series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world.
For years, I've followed Andy Greenberg's excellent reporting on "Sandworm," a set of infrastructure-targeted cyberattacks against Ukraine widely presumed to be of Russian origin, some of which escaped their targeted zone and damaged systems around the world.
Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers.
When the SNES launched back in the early 1990s, it changed gaming forever. One of the innovations was a gamepad with four action buttons — something that has remained a constant on controllers ever since. The 8BitDo SN30 Bluetooth Gamepad brings that iconic design up to date, with Bluetooth connectivity and support for multiple platforms. […]
After a long day at work, cooking a meal from scratch can seem like too much trouble. Unfortunately, the alternative is usually something unhealthy. Enter the Mellow Sous Vide Precision Cooker. This compact water bath uses cutting-edge technology to cook meat and veggies at the perfect temperature for exactly the right amount of time. It […]
In the course of any day, we encounter many different audio environments. If you are wearing earbuds, the ambient noise level can affect your listening experience. The HUB wireless earbuds adapt to different surroundings using smart noise-cancellation technology. They can either block out distractions or enhance conversations. They are normally priced at $250, but you […]