April 12, 2019

Warning issued on industrial plants as 'Triton' hack resurfaces

Security researchers say they have discovered new activity by hackers using malware called "Triton" that can target in
Security researchers say they have discovered new activity by hackers using malware called "Triton" that can target industrial control systems including oil and gas facilities

Security researchers this week confirmed that they spotted new activity by hackers using "Triton" malware capable of doing real-world damage to oil, gas or water plants.

The security firm FireEye said in a blog post Wednesday that it had identified and was "responding to an additional intrusion by the attacker behind Triton at a different critical infrastructure facility."

It did not disclose details regarding the target.

FireEye urged oil, gas, water and other facilities with industrial control systems to ramp up defenses and vigilance for Triton activity on their networks.

A study of the hackers' arsenal indicated they may have been in action since early 2014, avoiding detection for years.

FireEye said that Triton hackers were refining the ability to damage industrial when they unintentionally caused the shutdown in 2017 that got them noticed.

"The targeting of critical infrastructure to disrupt, degrade, or destroy systems is consistent with numerous attack and reconnaissance activities carried out globally by Russian, Iranian, North Korean, US, and Israeli nation state actors," FireEye said in a blog post.

"Triton" tactics employ custom hacking tools to snake through plant networks to reach operating systems that control safety mechanisms, according to analysis that followed its initial discovery in late 2017 after it inadvertantly stopped processes at an oil plant in Saudi Arabia.

In an update last year, FireEye expressed confidence that the Triton activity was "supported by" the Central Scientific Research Institute of Chemistry and Mechanics, which it described as a Russian government-owned institution in Moscow.

FireEye described Triton as one of a limited number of publicly identified malicious software families aimed at industrial control systems.

"It follows Stuxnet which was used against Iran in 2010 and Industroyer which we believe was deployed by Sandworm Team against Ukraine in 2016," FireEye said in an earlier blog post.

"Triton is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence."

© 2019 AFP

Citation: Warning issued on industrial plants as 'Triton' hack resurfaces (2019, April 12) retrieved 19 April 2024 from https://techxplore.com/news/2019-04-issued-industrial-triton-hack-resurfaces.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Iranian hackers caused losses in hundreds of millions: report
196 shares

Feedback to editors
A dexterous four-legged robot that can walk and handle objects simultaneously

59 minutes ago
Climate change will increase value of residential rooftop solar panels across US, study finds

2 hours ago
Bitcoin's next 'halving' is right around the corner. Here's what you need to know

3 hours ago
Team develops a way to teach a computer to type like a human

14 hours ago
Universal 'cocktail electrolyte' developed for 4.6 V ultra-stable fast charging of commercial lithium-ion batteries

15 hours ago
Garbage could replace a quarter of petroleum-based jet fuel every year

16 hours ago
For more open and equitable public discussions on social media, try 'meronymity'

17 hours ago
Mess is best: Disordered structure of battery-like devices improves performance

17 hours ago
Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users

18 hours ago
An ink for 3D-printing flexible devices without mechanical joints

18 hours ago
Load comments (0)