TRITON’s Tactics and Techniques in the Enterprise domain + mitigations – Part 4
In part 4 of the TRITON tactics and techniques series we cover the Credential Access techniques, which adversaries use to steal credentials such as account names and passwords. Techniques used to obtain credentials include keylogging and credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals. These techniques have been mapped by MITRE ATT&CK in their universally renowned knowledge base of adversary tactics and techniques based on real-world observations.
As a reminder, TRITON malware was first identified during an attack on a Saudi Arabian petrochemical plant in 2017, and it targets Schneider Electric’s Triconex Tricon controllers. This was the first time in history that safety instrumented systems were targeted with the intent of making them fail, potentially leading to serious harm to property and people.
Next week, we will present the Discovery techniques of the TRITON malware.
About this article
This article is based on a Cybersecurity Advisory (CSA) by CISA. You can read the full CSA here.