Group behind TRITON industrial sabotage malware claimed more victims
Security researchers have uncovered additional attacks attributed to the group behind the TRITON malware framework, one of the few threats found to date that was specifically designed to sabotage industrial equipment. TRITON was first uncovered in 2017 after hitting the systems of a petrochemical plant in Saudi Arabia with the possible goal of causing an explosion. That attack failed because an error made by the attackers triggered an emergency shutdown of critical systems.
The TRITON malware is capable of reprogramming Triconex safety instrumented system (SIS) controllers made by Schneider Electric. These controllers are part of the last line of defense for avoiding critical failures and possible disasters in industrial facilities. They are designed to automatically shut down equipment and processes if they exceed safe operating parameters.