

Hackers using the Triton malware have managed to shut down industrial operations in the Middle East, researchers have warned.

On Thursday, cybersecurity researchers from FireEye’s Mandiant revealed that threat actors deployed malware capable of manipulating emergency shutdown systems at a critical infrastructure firm in the Middle East.


The new form of malware, dubbed Triton, is one of only a handful of malware families known to have been developed for the purpose of attacking industrial processes and core infrastructure we all rely upon for supplies such as gas, oil, and electricity.

Stuxnet was one of the first indicators that such malware exists after the worm was used against industrial players in Iran in 2010, and in 2014, a South Korean nuclear facility was targeted. In 2016, Ukraine’s capital Kiev had a power outage after malware took down a power grid.

The new Trojan, which Symantec researchers say has been active since at least September this year, has been designed to communicate with a specific type of industrial control system (ICS), namely safety instrumented systems (SIS) controllers produced by Triconex.

Triton is an attack framework built to tamper with such controllers by communicating with them through computers running the Microsoft Windows operating system. According to Symantec — while it is early days in the investigation — the malware appears to inject code that modifies the behavior of SIS devices, leading to threat actor control and potential damage.

In the case of the victim company, Triton was used to target emergency shutdown capabilities.

However, the security researchers believe Triton was intended for use in “causing physical damage,” and that the plant was instead shut down inadvertently during the attack.

The malware was deployed in order to reprogram the SIS controllers, but some of the devices entered a failed safe state, which closed the plant down and alerted operators to the scheme.

“The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check — resulting in an MP diagnostic failure message,” FireEye says. “We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation-state preparing for an attack.”

The majority of cyberattackers have money in mind when they deploy malware or infiltrate systems, whether it be to clear out customer accounts or to steal valuable corporate data.

However, in this case, there was no clear financial goal — but the group’s persistence and skill, the targeting of core infrastructure, and what appear to be the resources at its disposal all point towards state sponsorship.

“The targeting of critical infrastructure to disrupt, degrade, or destroy systems is consistent with numerous attack and reconnaissance activities carried out globally by Russian, Iranian, North Korean, US, and Israeli nation-state actors,” FireEye says. “Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency.”


In October, the FBI and US Department of Homeland Security (DHS) warned that energy companies are now under constant attack by threat actors seeking to steal information related to their control systems.

Firms in the energy, nuclear, water, aviation and critical manufacturing sectors are at risk, according to the agencies, from hackers who target small firms as stepping stones towards more valuable companies.
