- Also known as Triton and Xenotime
This threat actor targets the Triconex safety instrumented system (SIS) controllers produced by Schneider Electric, as well as a proprietary network communications protocol. SIS controllers maintain safe conditions in an industrial system should other failures occur. In 2017, the U.S. Department of Homeland Security released a malware analysis report on the tools used by this threat actor.
- Saudi Arabia
Suspected state sponsor
- Russian Federation
Type of incident
- Private sector
- Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
- A Totally Tubular Treatise on TRITON and TriStation
- TRISIS Malware
- A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.
- Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide