The advanced hacker group, Triton, was\nresponsible for an attack on a Saudi petrochemical plant in 2017. The attack would have been successful in\ndestroying the facility, except there was a bug in Triton malware\u2019s coding. <\/p>\n\n\n\n
Now, years later, researchers have confirmed finding traces of the Triton group in another critical infrastructure facility. Triton\u2019s malware is designed to silently hide within a target\u2019s network, taking the time to fully understand how the network looks and how each system is interconnected. The goal is to quietly gain access to the facilities safety instrumented systems and industrial control systems. The safety instrumented systems monitor the physical systems to ensure they do not operate outside of their normal operational state. By learning the ins and outs of the critical safety systems, the hacking group is able to execute their cyber attack without causing the systems to enter into a safe fail-over state. <\/p>\n\n\n\n
Then, once the Triton group deploys\nthe malware, they target the industrial control systems, which control the\nentire operations of the facility. By\nsabotaging these controls, there would be a significant disruption to daily\noperations, if not generate an entire shutdown of operations. <\/p>\n\n\n\n
Triton group\u2019s most recent victim has\nbeen very discrete about the incident. \nThe name of the infrastructure is unknown, as is the type of facility\nand its location. What is known is, the\nattack was found after the malware caused a process to shutdown that led to an\ninvestigation. It is believed this\nshutdown was unintentional. Although the\nmotives of the attack have not been confirmed, it is believed Triton was attempting\nto build the capability to cause physical damage to the facility when the\nshutdown inadvertently was triggered. <\/p>\n\n\n\n
Due to the slow and steady approach\nused, there are concerns additional critical infrastructures may be\ncompromised. In an attempt to catch the\nhacking group before damage is done, a list of hashes unique to the files found\nat the second facility has been published. \nThe hope is, other at-risk facilities will use this hash list to check\nfor any evidence their network files have been compromised. <\/p>\n","protected":false},"excerpt":{"rendered":"
Triton Wormed Their Way Into Another Critical Infrastructure, and Possibly Many More… The advanced hacker group, Triton, was responsible for an attack on a Saudi petrochemical plant in 2017. The attack would have been successful in destroying the facility, except there was a bug in Triton malware\u2019s coding. Now, years later, researchers have confirmed finding […]<\/p>\n","protected":false},"author":54,"featured_media":55104,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[7,5090],"tags":[5633],"class_list":["post-60928","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-newsletter","category-slider","tag-hacking-group"],"yoast_head":"\n