sandworm


December 15, 2017


Categories: Business, News, Malware, APT, Exploits, Backdoor, Threat Intelligence, Breach, SCADA | Mjolnir Security

New ICS Attack Framework “TRITON” targeting Critical Infrastructure

Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shut down operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack.

TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It follows Stuxnet, which was used against Iran in 2010, and Industroyer, which we believe was deployed by Sandworm Team against Ukraine in 2016. TRITON is consistent with these attacks in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.

Table 1: Description of TRITON Malware

Malware Family   Main Modules   Description
TRITON           trilog.exe     Main executable leveraging libraries.zip
                 library.zip    Custom communication library for interaction with Triconex controllers.

Incident Summary

The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS ...