Trisis

Malware Profile Updated 3 months ago
TRISIS, also known as TRITON, is a particularly dangerous form of malware that targets the safety instrumented systems (SIS) of industrial facilities. It was first identified in 2017, when it targeted a petrochemical facility in Saudi Arabia. The malware specifically attacked Triconex SIS controllers, which are used in many critical infrastructures worldwide. This marked an escalation in the capabilities and intentions of cyber attackers: it was one of the first instances of malware deployed with the potential to cause physical harm or fatalities.

The investigation and analysis of the TRISIS attack were carried out by a team from Dragos, a cybersecurity firm specializing in protecting industrial infrastructure. The Dragos team has been involved in investigating some of the most significant cyberattacks on industrial infrastructure, including the 2016 attack on Ukraine's electric system and the 2021 Colonial Pipeline ransomware attack. The TRISIS attack on the Saudi Arabian petrochemical facility stood out because of its unprecedented intent: it was the first known attempt to potentially cause human casualties through malicious software.

The TRISIS attack highlights the evolving nature of cyber threats and the increasing risk they pose to physical infrastructure and human lives. It underscores the need for robust cybersecurity measures in industrial control systems, especially those associated with critical infrastructure. As malware continues to evolve and become more sophisticated, organizations must remain vigilant and proactive in their defense strategies to protect their systems and ensure safety.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
TRITON | 4 | Triton is a sophisticated malware that has been historically used to target the energy sector. It was notably used in 2017 by the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) to attack a Middle East petrochemical facility. The malware, also known as Trisis and
XENOTIME | 3 | XENOTIME is a threat actor group that has been active since late 2018, gaining notoriety for its malicious cyber activities. The group was initially referred to as TEMP.Veles by FireEye, but this terminology was later replaced with the more cryptic "TRITON actor". Meanwhile, cybersecurity firm Drago
Triton Actor | 1 | The TRITON actor is a threat actor known for its malicious activities, specifically focused on gaining access to Operational Technology (OT) networks. Identified by cybersecurity firm FireEye, the actor's tactics, techniques, and procedures (TTPs) were first publicly detailed in 2017 when they deplo
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware, ICS, Dragos, Exploit, Zero Day, Industrial, Vulnerability, Ransomware, FireEye
Associated Malware
ID | Type | Votes | Profile Description
Hatman | Unspecified | 1 | None
Stuxnet | Unspecified | 1 | Stuxnet is a notorious malware, known for its role in one of history's most infamous Advanced Persistent Threat (APT) attacks. Co-developed by the United States and Israel, this military-grade cyberweapon was specifically designed to target Iran's nuclear enrichment facility at Natanz in 2010. The S
Industroyer2 | Unspecified | 1 | Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group, Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's
Associated Threat Actors
No associations to display.
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-3595 | Unspecified | 2 | None
Source Document References
Information about the Trisis malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | a year ago | Rockwell Automation ControlLogix Flaws Expose ICS Devices to RCE & DoS Attacks
CERT-EU | a year ago | Cyberattacks on Industrial Control Systems Jumped in 2022
CERT-EU | a year ago | Rockwell Automation exploit spurs fears of critical infrastructure security
DARKReading | 4 months ago | Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings
CSO Online | a year ago | Attacks on industrial infrastructure on the rise, defenses struggle to keep up
MITRE | a year ago | XENOTIME Threat Group | Dragos
MITRE | a year ago | Four Russian Government Employees Charged in Two Historical Hacking
Securityaffairs | a year ago | US CISA warns of Rockwell Automation ControlLogix flaws
CERT-EU | 10 months ago | Executive Insights into Manufacturing Cybersecurity with Rockwell Automation and Dragos Webinar. | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | Robert M. Lee, CEO and Co-founder | Dragos
CERT-EU | 9 months ago | The Urgency for Robust Utility Cybersecurity