Hexbyte Tech News Wired
In December, researchers spotted a new family of industrial control malware that had been used in an attack on a Middle Eastern energy plant. Known as Triton, or Trisis, the suite of hacking tools is one of only a handful of known cyberweapons developed specifically to undermine or destroy industrial equipment. Now, new research from security firm FireEye suggests that at least one element of the Triton campaign originated from Russia. And the tipoff ultimately came from some pretty boneheaded mistakes.
Russian hackers are in the news for all sorts of activity lately, but FireEye’s conclusions about Triton are somewhat surprising. Indications that the 2017 Triton attack targeted a Middle Eastern petrochemical plant fueled the perception that Iran was the aggressor—especially following reports that the victim was specifically a Saudi Arabian target. But FireEye’s analysis reveals a very different geopolitical context.