Trisis

Malware updated 23 days ago (2024-11-29T14:00:19.508Z)
TRISIS, also known as TRITON, is a particularly dangerous form of malware that targets safety instrumented systems (SIS) of industrial facilities. It was first identified in 2017 when it targeted a petrochemical facility in Saudi Arabia. The malware specifically attacked Triconex SIS controllers, which are used in many critical infrastructures worldwide. This marked an escalation in the capabilities and intentions of cyber attackers, as this was one of the first instances where malware was used with the potential to cause physical harm or fatalities.

The investigation and analysis of the TRISIS attack were carried out by a team from Dragos, a cybersecurity firm specializing in protecting industrial infrastructure. The team at Dragos has been involved in investigating some of the most significant cyberattacks on industrial infrastructure, including the 2016 attack on Ukraine's electric system and the 2021 Colonial Pipeline ransomware attack. The TRISIS attack on the Saudi Arabian petrochemical facility stood out due to its unprecedented intent: it was the first known attempt to potentially cause human casualties through malicious software.

The TRISIS attack highlights the evolving nature of cyber threats and the increasing risk they pose to physical infrastructure and human lives. It underscores the need for robust cybersecurity measures in industrial control systems, especially those associated with critical infrastructure. As malware continues to evolve and become more sophisticated, organizations must remain vigilant and proactive in their defense strategies to protect their systems and ensure safety.
Description last updated: 2024-05-04T21:38:04.303Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
TRITON is a possible alias for Trisis. Triton is a type of malware, specifically designed to exploit and damage computer systems. It was first used in a cyberattack on a Middle East petrochemical facility in 2017, attributed to the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM). The malware targets sa | 4
XENOTIME is a possible alias for Trisis. XENOTIME is a threat actor group that has been active since late 2018, gaining notoriety for its malicious cyber activities. The group was initially referred to as TEMP.Veles by FireEye, but this terminology was later replaced with the more cryptic "TRITON actor". Meanwhile, cybersecurity firm Drago | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Exploit
ICS
Dragos
Industrial
Zero Day
Associated Vulnerabilities
Alias Description | Association Type | Votes
The vulnerability CVE-2023-3595 is associated with Trisis. | Unspecified | 2