• Also known as Triton and Xenotime
This threat actor targets the Triconex safety instrumented system (SIS) controllers produced by Schneider Electric, as well as a proprietary network communications protocol. SIS controllers maintain safe conditions in an industrial system should other failures occur. In 2017, the U.S. Department of Homeland Security released a malware analysis report on the tools used by this threat actor.
Suspected victims
  • Saudi Arabia
Suspected state sponsor
  • Russian Federation
Type of incident
  • Sabotage
Target category
  • Private sector