Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Statue of Triton, son of Neptune, Nicola Salvi's Trevi Fountain, Italy. Photo: DeAgostini/Getty Images
The attackers who launched TRITON, a notorious industrial-system-focused malware only known to have been used once, have struck a second target, according to researchers at FireEye presenting at the Kaspersky Lab SAS Summit in Singapore.
Why it matters: FireEye was the first to discover TRITON, which startled researchers by amassing an uncommon amount of control over industrial systems. Due to a mistake in the attack, it inadvertently led to a plant shutdown and nearly caused a deadly explosion. While no one expected TRITON to be a one-time affair, its resurgence is jarring.
Background: The victim of the first attack was not identified by FireEye, but a harrowing account of the attack in E&E News revealed it to be the Petro Rabigh refinery in the Red Sea.
- FireEye later attributed the design of components of the TRITON malware to a research institute in Moscow.
Details: The new victim, also not identified by FireEye, revealed the use of hacking tools not seen in the first attack.
- The tools appear to date from as far back as 2014, though FireEye has never seen them in use in the past.
- FireEye reported indicators and recommended techniques defenders can use to identify and thwart future TRITON attacks.
- "[W]e strongly encourage industrial control system (ICS) asset owners to leverage the indicators, TTPs [tactics, techniques and procedures], and detections," FireEye wrote in its official report.