A Peek Into the Toolkit of the Dangerous Triton Hackers


Originally published at: https://sweetops.com/sub/a-peek-into-the-toolkit-of-the-dangerous-triton-hackers/

Two customers hired FireEye to investigate intrusions on their networks: the Petro Rabigh oil refinery in Saudi Arabia, which Triton temporarily shut down in 2017, and an anonymous, previously undisclosed victim whose breach FireEye investigated just this year. In those investigations, FireEye says it has identified a collection of custom malicious software that the Triton hackers used: tools that allowed the hackers to patiently advance their intrusion as they worked to gain access to the victims’ industrial control systems.