TRITON

Malware updated 4 days ago (2024-11-29T13:57:33.502Z)
Download STIX
Preview STIX
Triton is a type of malware, specifically designed to exploit and damage computer systems. It was first used in a cyberattack on a Middle East petrochemical facility in 2017, attributed to the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM). The malware targets safety instrumented systems, particularly within the energy sector. Triton's developers demonstrated a strong capability for custom tooling, as the malware framework and intrusion tools were built and deployed by humans with observable strategies, preferences, and conventions. These attacks are not common but have occurred on rare occasions, such as the 2017 incident. The use of Triton malware resurfaced in March 2022 when the FBI issued an advisory warning about its deployment against the energy sector. Unlike other complex OT-specific malware like Stuxnet, Triton requires less effort to analyze a particular device, making it harder to eliminate. Furthermore, Triton has been associated with a vulnerability in the NVIDIA Triton Inference Server for Linux and Windows, where an attacker may cause a relative path traversal when it is launched with the non-default command line option --model-control explicit. This vulnerability, CVE-2023-31036, was first published by the vendor in January 2024. Triton Global Services, Inc., unrelated to the malware, offers traditional security guard services, low voltage video surveillance solutions, and cutting-edge technologies that integrate advanced AI capabilities via the Remote Guarding Division. They are committed to protecting clients' assets by combining advanced technologies with a highly trained team. As a leader in integrated security solutions, they deliver comprehensive security for businesses across a wide range of industries. California state and local agencies can contact Triton Global Services directly for assistance via their website.
Description last updated: 2024-10-15T09:23:26.311Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Trisis is a possible alias for TRITON. TRISIS, also known as TRITON, is a particularly dangerous form of malware that targets safety instrumented systems (SIS) of industrial facilities. It was first identified in 2017 when it targeted a petrochemical facility in Saudi Arabia. The malware specifically attacked Triconex SIS controllers, wh
4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ics
Windows
Reconnaissance
Payload
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Stuxnet Malware is associated with TRITON. Stuxnet, discovered in 2010, is one of the most infamous malware attacks in history. It was a military-grade cyberweapon co-developed by the United States and Israel, specifically targeting Iran's nuclear enrichment facility at Natanz. The Stuxnet worm infiltrated Windows systems, programming logic Unspecified
4
The WannaCry Malware is associated with TRITON. WannaCry is a notorious malware that gained global attention in 2017 when it was responsible for the biggest ransomware attack to date. The malware, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites. Once inside a system, WannaCry can Unspecified
2
Source Document References
Information about the TRITON Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
8 months ago
CERT-EU
9 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago