Today, cybersecurity specialists voiced speculation and concern that the cyber attack group Triton could attack the US national power grid.
For those who don’t know, Triton is the most dangerous cyberthreat in the world; this group provides the best example of threat proliferation in ICS. Experts say that what was once considered an oil and gas cyberthreat is now an electric cyberthreat, too.
A report published today says there is no evidence at this point that Triton could actually wage a cyber attack resulting in a catastrophic or destructive event on electric utility operations, but the hacking group is fully active around power grid networks.
In 2017, the Triton group targeted and successfully shut down a physical safety instrumented system at a petrochemical plant in Saudi Arabia.
Remember, everything can be hacked. To guard against cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network. These tests include penetration testing and ethical hacking.
Earlier this year, it was revealed that Triton installed malicious code at an industrial company, marking the first publicly revealed cyberattack by the Triton group since the original incident at the Saudi Arabian plant.
Industrial control system (ICS) security experts say the hackers began scanning electric utility networks in the US and Asia-Pacific regions in late 2018, using similar or the same tools and methods the group has used in targeting oil and gas companies in the Middle East and North America.
From what has been discovered, it looks like the Triton group is looking to expand its cyber activities and cyber attacks into the power grid.
As we said before, the only publicly known successful cyber attack by this group was the one on the Saudi Arabian plant in 2017. Back then, Triton used malware that was embedded in a Schneider Electric customer's safety system controller.
The outcome of that cyber attack could have been catastrophic, experts say.
The day was saved only by blind luck, when an apparent misstep by the hackers led to a full shutdown by the Schneider Triconex Emergency Shut Down (ESD) system.
Meanwhile, the Triton group also compromised several ICS vendors in 2018, which is raising concerns that it is preparing supply chain-style cyberattacks.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network. Tests like this include penetration testing and ethical hacking.