Triton malware still a threat to energy sector, FBI warns
The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure.
One of the two indictments involves Triton malware and its use in the 2017 attack.
In the 2017 attack, the Russian agency used Triton to target a Schneider Electric Triconex safety instrumented system, which initiates safe shutdown procedures in emergency situations.
After gaining initial access, the attackers moved laterally through the IT and OT networks onto the safety system and installed Triton malware.
"The Triton attack represented a notable shift in ICS targeting as the first attack designed to allow physical damage, environmental impact, and loss of life in the event of a plant's running in an unsafe condition," according to the Feds.
While Schneider Electric fixed the flaw when it released an updated version of the Tricon controller in June 2018, older versions are still in use and remain vulnerable to an attack.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/28/in_brief_security/