Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017.[1][2] It can disable safety instrumented systems, which can then contribute to a plant disaster.[3]
In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia, were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state sponsored attack. The computer security company Symantec claimed that the malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system.[2]
In 2018, FireEye, a company that researches cyber-security, reported that the malware most likely came from the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a research entity in Russia.[4]
It was reported by Wired that Triton's attacks were registered in North America, China, and Russia.[5]