Triton Malware Still Targeting Energy Firms

Published: 23/11/2024   Category: security




The FBI's latest Private Industry Notification warns the energy sector that the group behind Triton is still up to no good.



The global energy sector needs to stay alert for Triton malware, the Federal Bureau of Investigation said in a recent warning.

Triton (also known as Trisis and HatMan) is designed to cause physical safety systems to cease operating or to operate in an unsafe manner, the FBI says in its Private Industry Notification (PIN 20220324-001). The malware was used in a cyberattack in 2017 against a Middle East petrochemical facility. The Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM), a Russian government-backed research institution, is believed to have carried out the attack, and last week the United States Department of Justice unsealed an indictment against a Russian national and a TsNIIkhM employee involved in that attack.

In the 2017 attack, Triton targeted a Schneider Electric Triconex safety instrumented system (SIS), which initiates safe shutdown procedures in emergency situations. The attacker gained initial access and then moved laterally through the IT and OT networks to get onto the safety system. The malware modified in-memory firmware for Triconex Tricon safety controllers. In a situation where the system would initiate safe shutdown procedures, the fact that the controllers were modified could potentially result in damage to the facility, system downtime, and even loss of life, the FBI says.

TsNIIkhM is believed to still be conducting activities against the global energy sector, the FBI says. Based on the attack framework and malware used in the original Triton incident, a similar attack could be designed against other SIS, the FBI says.

While Schneider Electric fixed the flaw in the Tricon controller, older versions are still in use and remain vulnerable. Potentially affected critical infrastructure asset owners and operators should regularly assess and monitor their SIS systems, watch personnel with access to these systems, and practice contingency plans, according to the FBI warning. The PIN outlines other recommendations, including using a unidirectional gateway for applications that need to receive data from the SIS; implementing change management procedures for safety controller run-state key positions; deploying safety systems on isolated networks; and checking logs from network appliances, webservers, and third-party tools for signs of early-stage reconnaissance activity.
