A Peek Into the Toolkit of the Dangerous Triton Hackers


  • Author
    Posts
    • #36736
      Telegram SmartBoT
      Moderator
        @tgsmartbot

        #News(Security) [ via IoTGroup ]



        When the malware known both as Triton and Trisis came to light in late 2017, it quickly gained a reputation as perhaps the world’s most dangerous piece of code: the first ever designed to disable the safety systems that protect industrial facilities from potentially lethal physical accidents.
        But Triton hackers still have to engage in far more common forms of hacking to plant that code, in some cases spending close to a year digging their way through IT networks before they reach their targets.
        Two customers hired FireEye to investigate intrusions on their networks: the Petro Rabigh oil refinery, temporarily shut down by Triton in Saudi Arabia in 2017, and an anonymous, previously undisclosed victim whose breach FireEye investigated just this year.
        In those investigations, FireEye says it has identified a collection of custom, malicious software that the Triton hackers used, tools that allowed the hackers to patiently advance their intrusion as they worked to gain access to the victims’ industrial control systems.
        In contrast to Triton—one of a few vanishingly rare pieces of malware that directly targets industrial control systems—the newly named tools are essentially custom-written versions of common programs hackers use to work through traditional IT networks.
        But FireEye director of intelligence analysis John Hultquist says that detailing the Triton hackers’ custom toolkit might help other potential targets protect themselves.
        The list of tools FireEye has identified includes a program called SecHack, designed to pull a target user’s passwords and other credentials out of a computer’s memory so that they can be repeatedly reused to log in to any machine on the network the victim has access to.
        Another custom tool FireEye found the Triton hackers using is called NetExec, which mimics the functionality of PSExec, a Windows utility that lets administrators run commands on remote computers across a network.


        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019
