TRITON/TRISIS Cyberattacker Has a New Target: Power Sector

XENOTIME, a cyberthreat activity group thought responsible for the TRISIS/TRITON malware attacks on safety instrumented systems (SIS) at a Middle Eastern oil and gas facility in 2017, has been probing power company networks in the U.S. and elsewhere, new intelligence from industrial control systems (ICS) security firm Dragos shows.

“In February 2019, Dragos identified a change in XENOTIME behavior: starting in late 2018, XENOTIME began probing the networks of electric utility organizations in the U.S. and elsewhere using similar tactics to the group’s operations against oil and gas companies,” the company said in a June 14 blog. 

The threat was detected by Dragos Platform customers, which “have detections for XENOTIME, as the product receives these and other threat behavior detection updates regularly,” it said. While no power sector targeting events have resulted in a “known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause

... read more at: https://www.powermag.com/triton-trisis-cyberattacker-has-a-new-target-power-sector/