FireEye Finds New Clues in TRITON/TRISIS Attack

Researchers from FireEye have found evidence that the hackers who breached a safety monitoring system at a Middle East industrial plant, and inadvertently shut it down, reverse-engineered the protocol software. “Instead of just being a theory that they reverse-engineered something or used legitimate resources to augment their development on it, now we have evidence that supports that,” says Steve Miller, a researcher with FireEye who made the discovery after studying the malware’s Python scripts.

The so-called TRITON/TRISIS attack targeted Schneider Electric’s emergency shutdown system – Triconex Tricon – with custom malware. Two of the plant’s safety-instrumented system (SIS) controllers entered a fail-safe mode that shut down the industrial process, which ultimately led to last year’s discovery of the malware.

Read more about the latest findings of the research into the TRITON/TRISIS attack on DarkReading.