Yet another hacking group is targeting oil and gas companies, Dragos says

A previously undocumented hacking group has been targeting oil and gas companies along with telecommunications providers from Africa to Central Asia to the Middle East, the industrial cybersecurity company Dragos said Thursday. The revelation brings to five the number of groups tracked by Dragos that go after the oil and gas sector, highlighting the growing interest shown by well-resourced hackers in probing the industrial control systems (ICS) that underpin energy infrastructure. Oil and gas companies move markets and are strategic national assets, giving cyber operatives plenty of reason to scope them out. The new hacking group, which Dragos calls Hexane, has been particularly active in recent months, targeting organizations with phishing lures and malware implants. “It’s definitely stage-one activity with the intent to intrude,” Casey Brooks, senior adversary hunter at Dragos, told CyberScoop. “Whether they were successful or not, we can’t comment on that.” The far-flung activity underscores the interest that ICS-focused […]

The post Yet another hacking group is targeting oil and gas companies, Dragos says appeared first on CyberScoop.

Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies

XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.

The group behind Trisis has expanded its targeting to the U.S. electric sector

The notorious hacking group behind the Trisis malware, which is designed to disrupt industrial safety systems, has expanded its targeting to include U.S. electric utilities, according to new research. The group, known as Xenotime, most famously deployed the Trisis malware on a Saudi petrochemical plant in the summer of 2017, forcing it to shut down. But starting in late 2018, according to analysts at industrial cybersecurity company Dragos, Xenotime went beyond its focus on the oil and gas sector to probe the networks of electric utilities in the U.S. and elsewhere. “While there is no evidence at this time that Xenotime has successfully breached any of the entities it has probed in U.S. electric utilities, the fact that this actor – which has already demonstrated the willingness and capability to execute a disruptive ICS [industrial control system] attack – is now actively gathering information on electric utilities is deeply concerning,” Joe Slowik, […]

The post The group behind Trisis has expanded its targeting to the U.S. electric sector appeared first on CyberScoop.

FireEye says it is responding to a second Trisis intrusion

Cybersecurity company FireEye on Wednesday said it was responding to a second intrusion at a critical infrastructure facility carried out by the group behind Trisis, the notorious malware that targets safety systems at industrial plants. To raise awareness about the group, known as Xenotime or TEMP.Veles, FireEye also released details on new customized tools the company’s incident responders had found at the unnamed facility. “[W]e believe there is a good chance the threat actor was or is present in other target networks,” FireEye researchers said in a blog post. (FireEye refers to Trisis as Triton.) The announcement of a second intrusion reinforces warnings from industrial cybersecurity experts that the hacking group has gone after additional targets since the dangerous malware was deployed on a Saudi petrochemical plant in the summer of 2017. The malware disrupted the Saudi plant’s safety instrumented systems, forcing it to shut down. Perhaps unlike any before […]

The post FireEye says it is responding to a second Trisis intrusion appeared first on CyberScoop.

Trisis investigator says Saudi plant outage could have been prevented

Engineers and others responding to malware that hit a Saudi Arabia petrochemical plant in June 2017 missed a key opportunity to prevent the plant from shutting down a second time in August that year, an investigator of the incident said Tuesday. “The scope of the initial outage investigation that occurred in June [2017] was insufficient,” Julian Gutmanis, an industrial cybersecurity specialist who responded to the second outage, said Tuesday at the 2019 S4 Conference. “It really was a missed opportunity to identify the attackers and prevent the subsequent outage in August [2017].” The investigation of the June 2017 outage, which struck on a Saturday evening when the plant was manned by a skeleton crew, included a mechanical and engineering analysis, but not a cybersecurity one, Gutmanis said. The incident was ruled a malfunction, rather than an attack, and normal operations at the plant were restored. Two months later, the hackers were […]

The post Trisis investigator says Saudi plant outage could have been prevented appeared first on CyberScoop.

Dragos to open Saudi Arabia office, announces new funding round

Industrial cybersecurity company Dragos plans to open an office in Saudi Arabia next year to allow the company to more quickly respond to cyberthreats to energy infrastructure in the Middle East, Dragos CEO Robert M. Lee told CyberScoop. From the 2012 Shamoon attack on a state-owned oil company, to the infamous Trisis malware that caused a Saudi petrochemical plant to shut down in 2017, the Kingdom has been the scene of high-profile cyberattacks on industrial facilities. “A large reason for us to build the office there in Riyadh simply boils down to that’s where threats are,” Lee said. “And identifying those [threats] and learning from them makes our software, makes our approach better for all of our global customers.” The Saudi office will mark a major expansion for the Maryland-based company that Lee, a former Air Force and National Security Agency cybersecurity official, founded in 2013. Dragos on Wednesday also announced […]

The post Dragos to open Saudi Arabia office, announces new funding round appeared first on CyberScoop.

USB threat to industrial facilities comes into sharp focus with new Honeywell data

With their ability to carry malware into sensitive environments, USB drives have long been a red flag for industrial facilities. A new study puts hard data behind those concerns and shows how the drives can propagate advanced threats like Stuxnet and Trisis. Of the 50 industrial sites on four continents where Honeywell International analyzed USB usage, 44 percent of sites detected and blocked at least one malicious file. These weren’t just run-of-the-mill files: 15 percent of the threats detected and blocked were infamous malware packages like Stuxnet and Trisis (2 percent each), Mirai (6 percent) and WannaCry (1 percent). About a quarter of the threats blocked could cause “a major disruption to an industrial control environment,” according to Honeywell, an industrial automation giant. The overall volume of USB-based malware found by Honeywell researchers was relatively small, but the types of threats detected were more serious than researchers had anticipated. “It’s […]

The post USB threat to industrial facilities comes into sharp focus with new Honeywell data appeared first on CyberScoop.

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including …