UPDATED 22:31 EDT / DECEMBER 14 2017

INFRA

Triton malware targets oil and gas assets in the Middle East

A disturbing new form of malware that targets industrial equipment has been discovered in the wild in what may be a serious state-sponsored attack.

Dubbed “Triton” by researchers at FireEye Inc., the malware is said to have already shut down the operations of a critical infrastructure organization in the Middle East and is continuing to be deployed by those behind it. The name of the company wasn’t disclosed, but the malware is said to target equipment sold by Schneider Electric SE that is used in oil and gas facilities.

Schneider Electric specializes in energy management and automation solutions, spanning hardware, software and services. In particular, the malware was designed to disable Schneider’s Triconex product line. The webpage for Triconex describes the offering as “safety instrumented systems” that provide “solutions to protect people, the surrounding communities and the environment, while keeping production operating safely and continuously, throughout the life of your assets.”

FireEye notes in its report that the fact that the attacker targeted Schneider’s SIS suggests “an interest in causing a high-impact attack with physical consequences” and that this is an “attack objective not typically seen from cyber-crime groups.” Put more simply, whoever is behind the attack was looking to cause physical harm rather than to gain some sort of financial return.

Who did it is complete speculation at this point, but given that it’s known that the attack occurred in the Middle East, there are some likely contenders for victim and attacker. Earlier this year, the Gulf States and Egypt cut off diplomatic relations with Qatar over the country’s alleged links to Iran. The “Qatar Diplomatic Crisis” remains ongoing, so it’s possible the attack involved countries party to the dispute.

With the Triton malware now in the wild, FireEye recommends that asset owners consider segregating safety system networks from process control and information system networks, leveraging hardware features that provide physical control of safety controllers, and a number of other steps to protect themselves from a Triton attack.

Photo: U.S. Navy/Wikimedia Commons
