Triton exploited zero-day overview
Experts at FireEye published a report on malware Triton, which is intended to attack industrial control systems and key infrastructure facilities. Triton was first discovered in the wild in August 2017.
Charlie Osborne wrote a post in which she described how Trojan managed to destroy the main industrial systems in the Middle East. Triton was designed to interfere with the operation of security controllers. In the attack against the client, malware used the “zero day” error in the Tricon firmware to scan and compare the industrial control system and the reconnaissance. The threat of zero day is a breach in the software security system that hackers use to gain unauthorized access to the system.
You can find more information about this malware in this article. The company plans to release a detection tool and a removal procedure as part of the patch update to 10X firmware in February to prevent the successful use of Triton by other controller functions.