New research by Dragos indicates that the threat actors behind the 2017 Triton (aka Trisis) malware attack that shut down a petrochemical plant in Saudi Arabia started to scan power grids in the US and Asia-Pacific regions at the end of last year. Because of this, analysts are worried that the group may be planning to target electricity networks in the future.
Triton is considered to be incredibly dangerous as it is capable of remotely disabling safety systems. However, Dragos acknowledged that it has not found evidence that XENOTIME, the group behind Triton, is currently capable of carrying out an attack that would lead to “a prolonged disruptive or destructive event on electric utility operations.”
Read more: Triton Attackers Seen Scanning US Power Grid Networks