Triton Actor

Threat Actor updated 3 months ago (2024-11-29T14:36:27.442Z)
The TRITON actor is a threat actor focused on gaining access to Operational Technology (OT) networks. It was identified by cybersecurity firm FireEye, and its tactics, techniques, and procedures (TTPs) were first publicly detailed in 2017, when it deployed the TRITON/TRISIS malware framework. The actor was later linked to a Russian research institution and named "TEMP.Veles" by FireEye. Since late 2018, FireEye has stepped back from the term TEMP.Veles and refers to the group more ambiguously as the "TRITON actor."

There has been some confusion about the actor's identity, with respected journalists conflating instances of TRITON malware identification with the activity of the TRITON actor. The distinction matters because cybersecurity firms collect evidence in different ways. Dragos, another cybersecurity firm, has had more engagement with instances related to the TRITON actor and identifies the group as "XENOTIME," a name it applies consistently based on identified behaviors. FireEye's data-centric approach, in contrast, requires more observations to define an Advanced Persistent Threat (APT).

The TRITON actor is also known for using Thinstall to package malware and for operating in favored directories for staging and executing files. Despite the varying nomenclature, the cybersecurity community agrees on the significant threat posed by this actor, particularly due to its focus on Industrial Control Systems (ICS), a relatively novel and under-explored area of cyber threats.
Description last updated: 2024-05-04T23:01:36.319Z
Aliases We are not currently tracking any aliases
Source Document References
Information about the Triton Actor Threat Actor was read from the documents corpus below.