Triton (malware)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017.[1][2] It can disable safety instrumented systems, which can then contribute to a plant disaster. It has been called "the world's most murderous malware."[3]

In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia, were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state sponsored attack. The computer security company Symantec claimed that the malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system.[2]

In 2018, FireEye, a company that researches cyber-security, reported that the malware most likely came from the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a research entity in Russia.[4]

See also[edit]


  1. ^ Franzetti, Davide (26 February 2019). "Oil & Gas Cybersecurity and Process Safety Converge". Security Boulevard.
  2. ^ a b Gibbs, Samuel (15 December 2017). "Triton: hackers take out safety systems in watershed attack on energy plant". The Guardian. Retrieved 2019-10-12.
  3. ^ Giles, Martin (5 March 2019). "Triton is the world's most murderous malware, and it's spreading". Technology Review.
  4. ^ Sobczak, Blake (7 March 2019). "The inside story of the world's most dangerous malware". E&E News.