XENOTIME hacker organization expands its targeting to electric utilities in the US and Asia-Pacific

The XENOTIME hacker organization has expanded its targeting from oil and gas to electric systems. XENOTIME uses the well-known Triton malware, which has caused physical damage to devices and halted operations.

XENOTIME has targeted oil and gas-related industries in the past, and since the end of 2018 the organization has expanded its targets to electric utilities in the United States and other regions. According to a report from the infrastructure security vendor Dragos, “in February 2019, while working with clients across various utilities and regions, Dragos identified a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities.”

ICS Attack Framework “TRITON”

Dragos researchers added that the “activities are consistent with Stage 1 ICS Cyber Kill Chain reconnaissance and initial access operations including observed incidents of attempted authentication with credentials and possible credential ‘stuffing,’ or using stolen usernames and passwords to try and force entry into target accounts”.

The XENOTIME organization has successfully destroyed several oil and gas environments, which proves that it is capable of doing this in other areas as well.