SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions.


What are you looking for?

>Uncategorized >[Video] Hunting for Xenotime, Creators of TRITON-TRISIS ICS Malware

[Video] Hunting for Xenotime, Creators of TRITON-TRISIS ICS Malware

Presented at SecurityWeek’s 2018 ICS Cyber Security Conference


  • Robert Lee – CEO, Dragos
  • Marc Seitz – Threat Analyst, Dragos

The activity group responsible for the TRISIS/TRITON malware is identified as XENOTIME. After the attack on the safety instrumented system in 2017 the group remained active targeting other environments with different safety systems in other regions of the world. Hunting for the behaviors of this group allows defenders to not only search for existing threats but also identify new threats leveraging such behaviors and prepare confidently to detect and respond to such incidents. In this presentation audience members heard unique insights into the threat and how the Threat Hunt Cycle can be leveraged to provide actionable recommendations on building a collection management framework and applying hypothesis-led threat hunting to test out their collection while creating playbooks for how to effectively and efficiently identify and respond to attacks.

Add Comment