Threat Landscape Dashboard

Feedback

Home

Operation TRITON

The campaign targeted Triconex Safety Instrumented System (SIS) controllers at a critical infrastructure organization in the Middle East in an attempt to modify the safety devices. The operation was first discovered in November 2017 and is reported to be the first malware to target safety systems in the ICS sector.

Name	Modified Date	Sources
Operation TRITON	2017-12-15	https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://dragos.com/blog/trisis/TRISIS-01.pdf https://www.symantec.com/blogs/threat-intelligence/triton-malware-ics http://www.isssource.com/safety-system-dcs-attacked/ https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/ https://github.com/ICSrepo/TRISIS-TRITON-HATMAN

Threat Landscape Dashboard

Operation TRITON

Choose your region