New Cyberattack by Group Behind TRITON/TRISIS Reported
Cybersecurity firm FireEye has uncovered and is responding to a new intrusion at an unnamed critical infrastructure facility that it suggests in an April 10 blog post was perpetrated by the group behind the TRITON attack, which prompted a process shutdown at a Middle Eastern facility in 2017.
But while details of the new attack are sparse, according to Joe Slowik, an adversary hunter at industrial control systems (ICS) security firm Dragos, the attack by the cyberthreat activity group Dragos calls “XENOTIME” does not involve TRITON, which is also known as TRISIS.
“All available evidence at this time indicates that XENOTIME has not deployed either TRITON/TRISIS or any new ICS-disruptive malware in any environment, a statement that is also implicitly made in FireEye’s reporting,” he told POWER on April 10.
Slowik’s analysis addresses speculation that a second TRITON attack had occurred, as had been widely suggested by experts and reported by POWER in a previous version of this story. Slowik, however, confirmed FireEye’s claim. …