{"id":11044,"date":"2025-10-08T19:58:52","date_gmt":"2025-10-08T19:58:52","guid":{"rendered":"http:\/\/localhost\/cyber-operations\/trisis\/"},"modified":"2025-10-08T19:58:52","modified_gmt":"2025-10-08T19:58:52","slug":"trisis","status":"publish","type":"post","link":"https:\/\/www.cfr.org\/cyber-operations\/trisis","title":{"rendered":"Trisis"},"content":{"rendered":"<p>This threat actor targets the Triconex safety instrumented system (SIS) controllers produced by Schneider Electric, as well as a proprietary network communications protocol. SIS controllers maintain safe conditions in an industrial system should other failures occur. In 2017, the U.S. Department of Homeland Security released <a href=\"https:\/\/ics-cert.us-cert.gov\/sites\/default\/files\/documents\/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20A%29_S508C.PDF\">a malware analysis report<\/a> on the tools used by this threat actor.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This threat actor targets the Triconex safety instrumented system (SIS) controllers produced by Schneider Electric, as well as a proprietary network communications protocol. SIS controllers maintain safe conditions in an industrial system should other failures occur. In 2017, the U.S. Department of Homeland Security released a malware analysis report on the tools used by this [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_cloudinary_featured_overwrite":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"cyber_operation":[144],"state_sponsor":[141],"victim_category":[138],"victim_government_response":[186],"victim":[145],"class_list":["post-11044","post","type-post","status-publish","format-standard","hentry","category-threat-actor","cyber_operation-sabotage","state_sponsor-russian-federation","victim_category-private-sector","victim_government_response-unknown","victim-saudi-arabia"],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/11044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/comments?post=11044"}],"version-history":[{"count":0,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/11044\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/media?parent=11044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/categories?post=11044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/tags?post=11044"},{"taxonomy":"cyber_operation","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/cyber_operation?post=11044"},{"taxonomy":"state_sponsor","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/state_sponsor?post=11044"},{"taxonomy":"victim_category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_category?post=11044"},{"taxonomy":"victim_government_response","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_government_response?post=11044"},{"taxonomy":"victim","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim?post=11044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}