Mar 5, 2019 · In attacking the plant, the hackers crossed a terrifying Rubicon. This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk.

Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017. [1][2] It can disable safety instrumented systems, which can then contribute to a plant disaster. [3]

Apr 10, 2018 · The HatMan malware, also known as TRITON and TRISIS, affects Triconex Tricon safety controllers by modifying inmemory firmware to add additional programming. The extra - functionality allows an attacker to read/modify memory contents and execute arbitrary code on demand through receiving specially-crafted network packets.

Aug 12, 2022 · When Julian Gutmanis — a cyber first responder — discovered TRISIS malware at a petrochemical plant in Saudi Arabia, his blood ran cold, according to MIT Technology Review.

Jan 16, 2018 · Mandiant’s researchers would discover that the initial Trisis attack actually had misfired: The plant’s unresponsive machines had automatically shut down, entering a fail-safe mode after detecting an anomaly. The attackers had made a configuration mistake.

Dec 14, 2017 · TRISIS is malware that was developed and deployed to at least one victim in the Middle East to target safety instrumented systems (SIS). Dragos, Inc. found and analyzed the malware last month and made sure our ICS WorldView customers were aware and prepared with proper defense recommendations.

Apr 10, 2019 · Triton/Trisis specifically targets Schneider Electric's SIS, the Triconex Emergency Shut Down (ESD) system. SISes provide emergency shutdown for plant processes to prevent physical threats when...

The malware, named TRITON (also known as TRISIS or HatMan), went beyond other industrial cyber attacks by directly interacting with a Safety Instrumented System (SIS).

Triton is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. [1] [2] [3] [4] [5] [6] [7] Triton has the ability to halt or run a program through the TriStation protocol. TsHi.py contains instances of halt and run functions being executed. [8]

May 24, 2018 · The malware shows similarities to what’s commonly known as Trisis, which was used in an attack last year in Saudi Arabia. While Trisis exploited one particular industrial control system, researchers say a new variant impacts a variety of safety instrumented systems.