TRITON Actor TTP Profile, Custom Attack Tools, Detections, and
FireEye can now confirm that we have uncovered and are responding
to an additional intrusion by the attacker behind TRITON at a
different critical infrastructure facility.
In December 2017, FireEye publicly released our first analysis on
attack where malicious actors used the TRITON custom attack
framework to manipulate industrial safety systems at a critical
infrastructure facility and inadvertently caused a process shutdown.
In subsequent research
we examined how the attackers may have gained access to critical
components needed to build the TRITO...