FireEye links Russian research lab to Triton ICS malware attacks


A Russian research laboratory is behind cyber-attacks on critical infrastructure, including on a Saudi petrochemical plant, according to a report published today by US cyber-security firm FireEye.

The cyber-attacks took place in 2017 and deployed a never-before-seen malware strain known as Triton, or Trisis, specifically engineered to interact with Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers.

According to technical reports from FireEye, Dragos, and Symantec, Triton was designed to either shut down a production process or allow SIS-controlled machinery to work in an unsafe state.

Source: ZDNet