Connect with us

Data Breaches Hacker News Malware

Russian Research Lab Helped Develop TRITON Industrial Malware

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Data Breaches

77 Million Nitro PDF Records Compromised

Data Breaches

Solarwinds Hackers Achieve End Goal of Acquiring High-Profile Government Targets

Data Breaches

British Airliner EasyJet Victim of Cyber Attack - 9 Million Records Exposed

Data Breaches

Massive Data Breach of Panama Citizens

Data Breaches

Outlook Breach More Expansive than Previously Thought

Data Breaches

Second Toyota Security Breach puts 3.1 Million Consumers at Risk

Data Breaches Hacker News

Korean Crypto Exchange BitHumb Loses $19 Million to Hackers

Data Breaches Hacker News

Major Aluminum Manufacturer Hit With Cyber Attack Stopping Worldwide Production

Data Breaches

Russian Research Lab Helped Develop TRITON Industrial Malware

Published

5 years ago

on

Russian-Research-Lab-Helped-Develop-TRITON-Industrial-Malware

FireEye, a cybersecurity company that provides services to protect against cyber attacks, claim they have discovered evidence of Russian involvement in the development of TRITON malware.

About TRITON Malware

TRITON malware, sometimes called Trisis, is Industrial Control System (ICS) malware that targets the Triconex Safety Instrumented System (SIS) controllers produced by Schneider Electric. These controllers are frequently used in oil and gas facilities and function autonomously, taking immediate action if a dangerous state is detected from its monitoring.

In December 2017 Symantec reported at a petrochemical plant in Saudi Arabia had been compromised by TRITON malware. It was believed at the time to be a state-sponsored attack.

Who is behind TRITON?

The attack on the Saudi Arabian petrochemical plant was believed to be state-sponsored from the beginning because the hacking group would have to possess advanced knowledge of Industrial Control Systems, something that is possible but unlikely from independent hackers.

FireEye believes with “high confidence” that a Moscow based lab is responsible for helping attacks with the industrial knowledge required, and additionally helped test its components in a targeted environment. The lab is called Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM).

In a statement of their findings, FireEye stated

An IP address [ 87.245.143.140] registered to CNIIHM has been employed by TEMP.Veles for multiple purposes, including monitoring open-source coverage of TRITON, network reconnaissance, and malicious activity in support of the TRITON intrusion,” FireEye wrote while pointing out evidence.

In addition to this behavioural patterns are consistent with Moscow time.FireEye state that they are not suggesting that the Moscow based lab is responsible for the end to end implementation of TRITON in the wild, but that it is highly likely that they were involved.

Russia hasn’t responded to the allegations but it is expected they will deny any involvement. The TRITON hacking group remain a major risk to critical infrastructure around the world

 

Related Topics:

Technical Writer, Security Blogger and he is a Technology Enthusiast with a keen eye on the Cyberspace.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *