TRITON Malware used to shut down plant, industrial systems

Hackers utilizing the Triton malware have managed to close down industrial operations in the Middle East, researchers have warned.

On Thursday, cybersecurity researchers from FireEye’s Mandiant revealed that threat actors deployed malware capable of manipulating emergency shutdown systems at a critical infrastructure firm in the Middle East.

The new form of malware, dubbed Triton, is one of only a handful of malware families known to have been developed for the purpose of attacking industrial processes and core infrastructure we all rely upon for supplies such as gas, oil, and electricity.

Triton is an attack framework built to tamper with safety instrumented system (SIS) controllers by communicating with them through computers running the Microsoft Windows operating system. According to Symantec, although the investigation is still in its early days, the malware appears to inject code that modifies the behavior of SIS devices, leading to threat actor control of the devices and potential damage.