Mysterious safety-tampering malware infects a second site

Now, researchers at FireEye—the same security firm that discovered Triton and its ties to Russia—say they have uncovered an additional intrusion that used the same malicious software framework against a different critical infrastructure site. “After establishing an initial foothold on the corporate network, the Triton actor focused most of their effort on gaining access to the OT network,” FireEye researchers wrote in a report published Wednesday. The existence of these tools, and the attackers’ demonstrated interest in operational security, lead FireEye researchers to believe there may be other sites beyond the two already known where the Triton attackers were or still are present.

Source: arstechnica.com