Azure-Sentinel/Playbooks/TritonDetectionAndResponse
Latest commit: liortamirmicrosoft c87b529a2c (2020-12-14 16:04:26 +02:00)
Triton Playbook Fixes: CyberX suggestions for changes; Incident Trigger based; link to deploy fix
Files in this directory:
azuredeploy.json
readme.md

readme.md

Triton Attack Playbook

Author: Amit Sheps and Lior Tamir

In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia, were compromised when a Triconex industrial safety system, made by Schneider Electric SE, was targeted. The attack is believed to have been state-sponsored.

The attackers used sophisticated malware called Triton. Using stolen credentials from one of the workstations on the IT domain, they established a remote desktop connection to the engineering workstation, reprogrammed the PLCs and changed their logic in a way that could have led to a disaster.

This playbook lets users validate every PLC programming command that is performed, in order to prevent a Triton-style attack.

Note: This playbook implements a complex flow and requires configuration for the specific environment in which it is deployed.

This playbook currently uses the Incident Trigger, which is in Private Preview.