FireEye researchers say that they have detected a second attack involving the highly disruptive Triton (aka Trisis) malware. Triton is considered to be incredibly dangerous as it is capable of remotely disabling safety systems.
In the summer of 2017, Triton malware shut down a petrochemical plant in Saudi Arabia. The shutdown was accidentally triggered by a flaw in the Triton code. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As a result, employees of the plant and residents of the surrounding area could have been killed or injured.
While security experts expected Triton to show up again, FireEye is the first firm to find evidence of a second attack. The target was an undisclosed firm in the Middle East. As in the previous attack, the threat actors behind Triton went after industrial control systems (ICS). The hackers had access to the targeted network for close to a year before they obtained access to an engineering workstation. The researchers did not say how much damage the new Triton attack caused, but they are confident that the malware is the work of Russian state-sponsored hackers.
Read more: Triton ICS Malware Hits A Second Victim