Triton malware still a threat to energy sector, FBI warns
2022-03-28 12:30

The new FBI warning came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure.

One of the two indictments involves Triton malware and its use in the 2017 attack.

In the 2017 attack, the Russian agency used Triton to target a Schneider Electric Triconex safety instrumented system, which initiates safe shutdown procedures in emergency situations.

After gaining initial access, the attackers moved laterally through the IT and OT networks onto the safety system and installed Triton malware.

"The Triton attack represented a notable shift in ICS targeting as the first attack designed to allow physical damage, environmental impact, and loss of life in the event of a plant's running in an unsafe condition," according to the Feds.

While Schneider Electric fixed the flaw when it released an updated version of the Tricon controller in June 2018, older versions are still in use and remain vulnerable to an attack.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/28/in_brief_security/