The hacker group behind the Russia-linked Triton malware has burrowed its way into another unnamed "critical infrastructure" facility, this time in the Middle East, according to intelligence analysts at cybersecurity firm FireEye, TechCrunch reports.
The first attack shut down Saudi oil giant Petro Rabigh in 2017.
In both instances, hackers targeted Triconex safety industrial control systems to control operations of the facility and access safety systems that protect industrial facilities from potentially lethal physical accidents.
On the second attack, hackers waited close to a year after planting the malware before gaining access to an engineering workstation, per FireEye research released at the Security Analyst Summit 2019 this week.
"[Often] malware like Triton is deployed, and the adversaries . . . wait for the right time to use it," according to the analysis. "During this time, the attacker must ensure continued access to the target environment."
FireEye has not revealed whether the attack caused any damage.
"The Triton intrusion is shrouded in mystery," according to the report. "There has been some public discussion surrounding the Triton framework and its impact at the target site, yet little to no information has been shared on the tactics, techniques and procedures (TTPs) related to the intrusion lifecycle, or how the attack made it deep enough to impact the industrial processes."
© 2025 Newsmax. All rights reserved.