Joe Slowik, threat intelligence and detections lead at Gigamon, joins the podcast to discuss the XENOTIME hacking group, the entity believed to be responsible for the 2017 Triton attack.
Triton was deployed within a petrochemical facility in Saudi Arabia and triggered a fault in the Schneider Electric Triconex Safety Instrumented Systems that initiated a shutdown of the plant. The Triton intrusion and malware deployment could have been much worse, resulting in harmful physical consequences and loss of life.
Slowik's recent Virus Bulletin paper and presentation describes the complex ecosystem behind XENOTIME, its connections to Russian intelligence, and the tooling it built enabling the Triton attack and deployment.
One question does linger: Who wrote Triton?