Home Security
PC Matic
PC Matic VPN
More Products
Support Unlimited
Identity Theft Protection
PC Magnum
Threat Awareness
How PC Matic Protects You
SuperShield Whitelist
Compare PC Matic
Norton
McAfee
Avast
AVG
Business Protection
PC Matic Pro
PC Matic MSP
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
Compare PC Matic Pro
ThreatLocker
Airlock Digital
VMware Carbon Black
AppLocker
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
OEM Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
Tools & More
Ransomware Center
Internet Speed Test
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search

Triton Threat Group Reappears in Second Critical Infrastructure Facility

Triton Wormed Their Way Into Another Critical Infrastructure, and Possibly Many More…

The advanced hacker group, Triton, was responsible for an attack on a Saudi petrochemical plant in 2017.  The attack would have been successful in destroying the facility, except there was a bug in Triton malware’s coding.

Now, years later, researchers have confirmed finding traces of the Triton group in another critical infrastructure facility.  Triton’s malware is designed to silently hide within a target’s network, taking the time to fully understand how the network looks and how each system is interconnected.  The goal is to quietly gain access to the facilities safety instrumented systems and industrial control systems.  The safety instrumented systems monitor the physical systems to ensure they do not operate outside of their normal operational state.  By learning the ins and outs of the critical safety systems, the hacking group is able to execute their cyber attack without causing the systems to enter into a safe fail-over state. 

Then, once the Triton group deploys the malware, they target the industrial control systems, which control the entire operations of the facility.  By sabotaging these controls, there would be a significant disruption to daily operations, if not generate an entire shutdown of operations.

Triton group’s most recent victim has been very discrete about the incident.  The name of the infrastructure is unknown, as is the type of facility and its location.  What is known is, the attack was found after the malware caused a process to shutdown that led to an investigation.  It is believed this shutdown was unintentional.  Although the motives of the attack have not been confirmed, it is believed Triton was attempting to build the capability to cause physical damage to the facility when the shutdown inadvertently was triggered. 

Due to the slow and steady approach used, there are concerns additional critical infrastructures may be compromised.  In an attempt to catch the hacking group before damage is done, a list of hashes unique to the files found at the second facility has been published.  The hope is, other at-risk facilities will use this hash list to check for any evidence their network files have been compromised. 

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles

Honda Hacked

Photo by Will Hough on Unsplash Honda’s Global Operations Haulted Automobile giant Honda confirmed today that they’ve been the victim of a cyberattack. The company released a statement

Read More
June 9, 2020