At the Security Analyst Summit this year in Cancun, FireEye’s Marina Krotofil talks about the Triton malware, first disclosed in December 2017, that targets industrial control systems. Krotofil discusses with Threatpost’s Lindsey O’Donnell about the implications of this malware for the manufacturing market as a whole.
It looks like this is the work of amateurs making use of the recently patched Drupal vulnerability, not nation-state attackers bent on making a geopolitical point.
Researchers are warning that malware payloads can bypass traditional AV protection when delivered buried inside images, documents or even just a pixel.
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.