Creators of Trisis Malware Have Expanded their ICS Attacks

The group behind last year's Trisis malware attack on an oil and gas company in Saudi Arabia has now also hacked industrial firms in other countries, according to new research.

Cybersecurity company Dragos Inc. published a report this week that identifies a new threat group called Xenotime as the authors of the Trisis malware, also known as Triton, and warned of a similar malware campaign that has been targeting unnamed companies globally with industrial control system (ICS) attacks.

“Dragos assesses with moderate confidence that Xenotime intends to establish required access and capability to cause a potential, future disruptive — or even destructive — event,” Dragos said in its blog post about the threat. “The group created a custom malware framework and tailor-made credential gathering tools, but an apparent misconfiguration prevented the attack from executing properly. As Xenotime matures, it is less likely that the group will make this mistake in the future.”

Read more at TechTarget


The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
