FireEye Finds New Clues in TRITON/TRISIS Attack

Researchers from FireEye have found proof that the hackers who breached and inadvertently shut down a safety monitoring system in a Middle East industrial plant reverse-engineered the protocol software. “Instead of just being a theory that they reverse-engineered something or used legitimate resources to augment their development on it, now we have evidence that supports that,” says Steve Miller, a researcher with FireEye who made the discovery after studying the malware’s Python scripts.

The so-called TRITON/TRISIS attack targeted Schneider Electric’s emergency shutdown system – Triconex Tricon – with custom malware. Two of the plant’s safety instrumented system (SIS) controllers entered a failed-safe state that shut down the industrial process and ultimately led to last year’s discovery of the malware.

Read more about the latest findings of the research into the TRITON/TRISIS attack on DarkReading.
