The International Business Times reports:
A powerful malware, dubbed Triton or Trisis, which allows hackers to gain remote access to energy facilities’ safety systems, has reportedly been accidentally leaked online for anyone to download. The malware is considered by some experts to be a next-generation cyberweapon and has already been used in December 2017 to shut down an oil and gas facility in the Middle East.
According to research from multiple cybersecurity firms including FireEye, Dragos, Symantec and Trend Micro, the malware is likely created by a nation-state and targets safety systems of industrial control systems (ICS). Triton specifically targets the safety instrument system (SIS) produced by Schneider Electric’s Triconex.
Triton can reportedly allow hackers to dismantle safety systems that can lead to the breakdown of machinery or even cause explosions. Quoting three anonymous sources, Cyberscoop reported that the malware’s framework was inadvertently posted to VirusTotal by Schneider Electric. The malware has reportedly been publicly available since 22 December and could even have been downloaded by anyone.
How does such dangerous malware accidentally leak online? Someone was either extremely careless, or there was nothing accidental about this at all.
Successful attacks against critical infrastructure operators may very well prove devastating in the event of an actual global military conflict. Triton and similar malware are not just used for gaining access to systems; they are military-grade tools developed by nation states.