Triton malware operators are now targeting power companies

The hacking group Xenotime, which security researchers link to the 2017 attacks that used the Triton malware (also known as Trisis and HatMan) against industrial process control systems, has expanded its list of targets.

Previously the group was interested in oil and gas companies, but its target list now includes electric utilities in the United States and the Asia-Pacific region.

“Attacking any industrial sector requires significant resources, which increases with expansion of capabilities and targeting. High resource requirements previously limited such attacks to a few potential adversaries, but as more players see value and interest in targeting critical infrastructure – and those who already invested see dividends from their behaviors – scale of the threat grows”, say experts at the industrial cybersecurity company Dragos.

Xenotime has been active since 2014, but it became widely known only in 2017, after attacks on oil and gas companies in Saudi Arabia. The attackers used the Triton malware, which was built to manipulate Schneider Electric Triconex safety instrumented systems. The attack was discovered only after the safety controllers tripped and halted a number of industrial systems, a failure that, according to experts, was caused by a mistake on the attackers' part.

Initially the group attacked only oil and gas enterprises in the Middle East; however, according to the information security company Dragos, Xenotime is now interested in energy companies in the United States and the Asia-Pacific region. According to the researchers, all of the attack attempts so far were unsuccessful, and the attackers were unable to penetrate the networks of the targeted organizations.

Such behavior may indicate that the group is preparing for further cyberattacks: it is conducting reconnaissance and trying to get into networks using credential stuffing (replaying username/password pairs leaked from other breaches) or stolen logins and passwords, according to Dragos.
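
The credential-stuffing and stolen-credential attempts described above leave a recognisable pattern in authentication logs. The following detector is an added example, not code from the article or from Dragos: it parses SSH-style `Failed password` / `Accepted password` lines and, per source IP within a sliding window, flags a source that fails against many distinct accounts (credential stuffing), a source that hammers one account (brute force), and a login that succeeds from a source already flagged for stuffing (a stolen credential that actually worked). The log lines, host name, IP addresses and thresholds are constructed for the example.

```python
"""Flag credential-stuffing, brute-force and stolen-credential logins in auth logs.

Added example; the log format is OpenSSH-style, the sample lines below are
constructed for illustration and the thresholds are arbitrary defaults.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample log: one source sprays six accounts and then succeeds as
# "frank"; a second source brute-forces "root"; a third is a normal login.
SAMPLE_LOG = """\
2019-06-14T02:00:01Z vpn-gw sshd[2101]: Failed password for alice from 198.51.100.7 port 51001 ssh2
2019-06-14T02:00:09Z vpn-gw sshd[2102]: Failed password for invalid user bsmith from 198.51.100.7 port 51002 ssh2
2019-06-14T02:00:17Z vpn-gw sshd[2103]: Failed password for carol from 198.51.100.7 port 51003 ssh2
2019-06-14T02:00:26Z vpn-gw sshd[2104]: Failed password for dave from 198.51.100.7 port 51004 ssh2
2019-06-14T02:00:34Z vpn-gw sshd[2105]: Failed password for erin from 198.51.100.7 port 51005 ssh2
2019-06-14T02:00:41Z vpn-gw sshd[2106]: Connection closed by 198.51.100.7 port 51005 [preauth]
2019-06-14T02:00:52Z vpn-gw sshd[2107]: Accepted password for frank from 198.51.100.7 port 51006 ssh2
2019-06-14T02:05:00Z vpn-gw sshd[2201]: Failed password for root from 203.0.113.9 port 40001 ssh2
2019-06-14T02:05:03Z vpn-gw sshd[2202]: Failed password for root from 203.0.113.9 port 40002 ssh2
2019-06-14T02:05:06Z vpn-gw sshd[2203]: Failed password for root from 203.0.113.9 port 40003 ssh2
2019-06-14T02:05:09Z vpn-gw sshd[2204]: Failed password for root from 203.0.113.9 port 40004 ssh2
2019-06-14T02:05:12Z vpn-gw sshd[2205]: Failed password for root from 203.0.113.9 port 40005 ssh2
2019-06-14T02:05:15Z vpn-gw sshd[2206]: Failed password for root from 203.0.113.9 port 40006 ssh2
2019-06-14T02:05:18Z vpn-gw sshd[2207]: Failed password for root from 203.0.113.9 port 40007 ssh2
2019-06-14T02:05:21Z vpn-gw sshd[2208]: Failed password for root from 203.0.113.9 port 40008 ssh2
2019-06-14T02:09:00Z vpn-gw sshd[2301]: Accepted password for alice from 192.0.2.5 port 39001 ssh2
"""


def parse(line):
    """Return (timestamp, success, user, src_ip) or None for lines we ignore."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"] == "Accepted", m["user"], m["ip"]


def analyze(lines, window=timedelta(minutes=10), min_users=5, min_attempts=8):
    """Return findings as dicts with keys kind, src, user, note (each reported once)."""
    events = sorted(e for e in map(parse, lines) if e)
    recent = defaultdict(deque)   # src_ip -> (ts, user, ok) events inside the window
    reported = set()
    findings = []

    def report(kind, ip, user, note):
        key = (kind, ip, user)
        if key not in reported:
            reported.add(key)
            findings.append({"kind": kind, "src": ip, "user": user, "note": note})

    for ts, ok, user, ip in events:
        q = recent[ip]
        while q and ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        q.append((ts, user, ok))
        failed_users = [u for _, u, o in q if not o]
        distinct = set(failed_users)
        if ok:
            # A success from a source already seen spraying many accounts is the
            # signal that one of the stolen or replayed credentials worked.
            if ("credential_stuffing", ip, None) in reported:
                report("success_after_stuffing", ip, user,
                       "login succeeded from a source flagged for credential stuffing")
        elif len(distinct) >= min_users:
            report("credential_stuffing", ip, None,
                   f"{len(distinct)} distinct accounts failed within {window}")
        elif failed_users.count(user) >= min_attempts:
            report("brute_force", ip, user,
                   f"{failed_users.count(user)} failures for one account within {window}")
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f"{f['kind']:24} {f['src']:15} {f['user'] or '-':8} {f['note']}")
```

The stuffing rule keys on distinct usernames per source because a replayed breach list tries each account about once, which a per-account lockout threshold never sees; the success-after-stuffing rule is the one worth paging on, since it means a valid credential is now in the attacker's hands.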

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern. XENOTIME has successfully compromised several oil and gas environments which demonstrates its ability to do so in other verticals”, Dragos experts warn.

Recall that in October last year FireEye published a report suggesting that developers from the Russian Federation might have been involved in creating the Triton malware.

Source: https://dragos.com/blog

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
