Creators of Trisis malware have expanded their ICS attacks
May 25, 2018 / Madelyn Bacon
The group behind the Trisis malware attack on an oil and gas company in Saudi Arabia last year has now also hacked industrial firms in other countries, according to new research.

Cybersecurity company Dragos Inc. published a report this week that identifies a new threat group called Xenotime as the authors of the Trisis malware, also known as Triton, and warned of a similar malware campaign that has been targeting unnamed companies globally with industrial control system (ICS) attacks.

"Dragos assesses with moderate confidence that Xenotime intends to establish required access and capability to cause a potential, future disruptive -- or even destructive -- event," Dragos said in its blog post about the threat. "The group created a custom malware framework and tailor-made credential gathering tools, but an apparent misconfiguration prevented the attack from executing properly. As Xenotime matures, it is less likely that the group will make this mistake in the future."