Photo: YinYang via Getty Images

Xenotime, the notorious group behind the Triton malware designed to disable safety systems at petrochemical plants, has started to do reconnaissance at electric utilities, including those in the U.S, according to industrial systems cybersecurity firm Dragos.

Why it matters: Triton, also called Trisis, was designed to be not only destructive, but be destructive in a way that could kill people. In fact, there are only three other groups known to successfully, deliberately disrupt industrial control systems.

  • To be clear: We don't know that any U.S. electric utilities have been breached. Trisis has been observed doing some of the slow, deliberate groundwork to launch an attack.

Background: Triton was first seen in an attack a Saudi petrochemical facility. It hasn't been seen in any subsequent attack, though the same group behind the attack has still been active.

  • Because industrial control system attacks need to be extensively targeted against highly specialized equipment, this is believed to be the first time an attacker group switched from one sector to another — petrochemical to electricity.
  • While there are links between one component of the malware and a Russian research organization, no one has formally linked the malware to the Russian government. Hackers can be hired, borrow code or copy it from previous attacks.

Go deeper

Updated 22 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 9:30 p.m. ET: 19,778,566— Total deaths: 729,768 — Total recoveries — 12,044,654Map.
  2. U.S.: Total confirmed cases as of 9:30 p.m. ET: 5,044,69 — Total deaths: 162,938 — Total recoveries: 1,656,864 — Total tests: 61,792,571Map.
  3. Politics: Pelosi says states don't have the funds to comply with Trump's executive order on unemployment — Mnuchin says Trump executive orders were cleared by Justice Department.
  4. States: New York reports lowest rate of positive coronavirus test results since pandemic began
  5. Public health: Ex-FDA head: U.S. will "definitely" see 200,000 to 300,000 virus deaths by end of 2020. 
  6. Schools: Nine test positive at Georgia school where photo showing packed hallway went viral — How back-to-school is playing out in the South as coronavirus rages on.
Updated 41 mins ago - World

Hong Kong media tycoon Jimmy Lai arrested under national security law

Media tycoon Jimmy Lai at the Next Digital offices in Hong Kong in June. Photo: Anthony Wallace/AFP via Getty Images

Hong Kong pro-democracy activist Jimmy Lai has been arrested for "collusion with foreign powers," said Mark Simon, an executive at the tycoon's media firm Next Digital Monday morning local time.

Why it matters: He was arrested under the new national security law that gives Beijing more powers over the former British colony. Lai is the most prominent person arrested under the law, which prompted the U.S. to sanction Chinese officials, including Hong Kong leader Carrie Lam, over Beijing's efforts to strip the territory of its autonomy.

New York reports new low positive coronavirus test rate

People physically distancing at tables in New York City's Times Square in June. Photo: Johannes Eisele/AFP via Getty Images

New York Gov. Andrew Cuomo (D) announced Sunday 515 people, or 0.78% of those tested, returned a positive reading for COVID-19 the previous day.

Why it matters: It's the lowest single-day positive rate since the start of the pandemic. It's another sign that the state that was once a global coronavirus epicenter is curbing the spread of the virus. "Our daily numbers remain low and steady, despite increasing infection rates across the country, and even in our region," Cuomo said in a statement. "But we must not become complacent: Everyone should continue to wear their masks and socially distance."

Go deeper: Cuomo says all New York schools can reopen for in-person learning