Threat Group Responsible for TRISIS/TRITON Expands Target Set to Include US Electric Utilities

The threat group Dragos tracks as XENOTIME has expanded its target set to include US electric utilities. XENOTIME is the group responsible for the TRISIS/TRITON malware, and the only group known to target safety instrumented systems (SIS). In February 2019, Dragos identified a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities. This activity suggests the group’s interest and preparation for further cyberattacks and due to this adversary’s willingness to subvert process safety in ICS environments, gives cause for concern. While water and wastewater infrastructure differs from current targets, there are commonalities in process safety that could still be targeted. Likewise, cross-sector dependencies with other critical infrastructure, such as electric, could be used to halt water and wastewater processing. Members are encouraged to focus on detecting and investigating events consistent with reconnaissance and initial access operations, including observed incidents of attempted authentication with credentials and possible credential “stuffing,” or using stolen usernames and passwords to try and force entry into target accounts. Read the article at Dragos