Trisis – WindowsTechs.com

Actions Target Russian Govt. Botnet, Hydra Dark Market

Posted on April 7, 2022 by BrianKrebs

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups. Continue reading Actions Target Russian Govt. Botnet, Hydra Dark Market→

DOJ unseals charges against Russians in attempted hacks of infrastructure, including Trisis case

Posted on March 24, 2022 by AJ Vicens

One indictment alleges hacking attempts on industrial control systems, and the other involves a separate spree from 2012-17.

The post DOJ unseals charges against Russians in attempted hacks of infrastructure, including Trisis case appeared first on CyberScoop.

Continue reading DOJ unseals charges against Russians in attempted hacks of infrastructure, including Trisis case→

Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities

Posted on July 13, 2021 by Tonya Riley

A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications and energy utilities. The vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands to machinery. “It’s a very wide range,” said Ben Seri, vice president of research at Armis. “It does reach on one end nation-states and sophisticated attacks in that type of scale, but it can also just be the next logical steps for ransomware attackers.” The vulnerability would allow attackers to hijack a command that would leak a password hash from the device’s memory. Once they have […]

The post Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities appeared first on CyberScoop.

Continue reading Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities→

How (and why) cyber specialists hacked a North American utility’s smart meter

Posted on April 16, 2021 by Sean Lyngaas

The hackers behind some of the most impactful intrusions of industrial organizations in the last five years have meticulously searched for ways to move from facilities’ IT networks to the more sensitive computers that interact with machinery. Before alleged Russian hackers cut power in Ukraine in 2015, for example, they spent many months mapping out utility computer networks and gathering grid workers’ credentials. And the hackers that triggered the 2017 shutdown of a Saudi petrochemical plant with the so-called Triton malware are known for using dozens of different tools to maintain access to IT and industrial networks. As state-sponsored hackers continue to probe U.S. infrastructure, cybersecurity experts regularly emulate those landmark attacks today to break into their clients’ networks in order to protect them. The latest example comes from Mandiant, FireEye’s incident response unit, which this week publicized the techniques it used to infiltrate a North American utility’s industrial control systems […]

The post How (and why) cyber specialists hacked a North American utility’s smart meter appeared first on CyberScoop.

Continue reading How (and why) cyber specialists hacked a North American utility’s smart meter→

From Triton to Stuxnet: Preparing for OT Incident Response

Posted on November 12, 2020 by Lindsey O'Donnell

Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats. Continue reading From Triton to Stuxnet: Preparing for OT Incident Response→

U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware

Posted on October 23, 2020 by Tom Spring

The latest in a flurry of actions this week, tied to foreign threats against U.S. computer systems, includes sanctions by the Department of the Treasury. Continue reading U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware→

US sanctions Russian government institution in connection with Trisis malware

Posted on October 23, 2020 by Tim Starks

The U.S. Treasury Department sanctioned a Russian government research institute on Friday that it said was connected to the strain of destructive malware frequently labeled the most dangerous in the world. Known as Trisis or Triton, the malicious software is designed to target systems used to safely control emergency shutdowns of industrial plants. Last year, security researchers at Dragos determined that the hackers behind the tool had scanned the networks of U.S. electrical utilities, after the malware initially surfaced in 2017 at a Saudi petrochemical plant. The sanctions mark the first time any government has publicly connected Trisis to Russia. “In recent years, the Triton malware has been deployed against U.S. partners in the Middle East, and the hackers behind the malware have been reportedly scanning and probing U.S. facilities,” Treasury said it its sanctions announcement. “The development and deployment of the Triton malware against our partners is particularly troubling given the Russian government’s involvement in malicious […]

The post US sanctions Russian government institution in connection with Trisis malware appeared first on CyberScoop.

Continue reading US sanctions Russian government institution in connection with Trisis malware→

Airbus researcher explores ‘Stuxnet-type attack’ for security training

Posted on January 16, 2020 by Sean Lyngaas

Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity. The computer worm drove home the idea that well-resourced hackers could sabotage industrial plant operations, and it marked a new era of state-sponsored cyber-operations against critical infrastructure. Years later, industrial cybersecurity experts are still learning from the destructive potential of Stuxnet’s code and how it was deployed. While Stuxnet was an extraordinary situation — an intensive operation designed to hinder Iran’s nuclear program — it holds lessons for the wider world in securing industrial equipment that moves machinery. In a new study to improve security, a researcher at the cybersecurity subsidiary of European planemaker Airbus describes how he designed a program to execute code in a “Stuxnet-type attack” on a programmable logic controller (PLC), the ruggedized computers that monitor and control industrial systems like pumps, circuit […]

The post Airbus researcher explores ‘Stuxnet-type attack’ for security training appeared first on CyberScoop.

Continue reading Airbus researcher explores ‘Stuxnet-type attack’ for security training→

Oil-and-Gas Specialist APT Pivots to U.S. Power Plants

Posted on January 10, 2020 by Tara Seals

Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well. Continue reading Oil-and-Gas Specialist APT Pivots to U.S. Power Plants→

ICS Attackers Set To Inflict More Damage With Evolving Tactics

Posted on October 31, 2019 by Elizabeth Montalbano

While it remains difficult to attack critical infrastructure successfully, adversaries aim to use past experience to launch more destructive future attacks, according to analysis. Continue reading ICS Attackers Set To Inflict More Damage With Evolving Tactics→