Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017.[1][2] It can disable safety instrumented systems, which can then contribute to a plant disaster. It has been called "the world's most murderous malware."[3]

In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia, were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state sponsored attack. The computer security company Symantec claimed that the malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system.[2]

In 2018, FireEye, a company that researches cyber-security, reported that the malware most likely came from the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a research entity in Russia.[4]

Incidents Caused by this Malware

Threat Actors Known to use this Malware

No threat actors identified