Cyber Resilience

Campaign · all campaigns

Triton Safety Instrumented System AttackC0030 state

🇷🇺 RU

aka Triton Safety Instrumented System Attack

Run by TEMP.Veles

Last updated: 2026-07-03

0attributed CVEs
18ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Triton Safety Instrumented System Attack](https://attack.mitre.org/campaigns/C0030) was a campaign employed by [TEMP.Veles](https://attack.mitre.org/groups/G0088) which leveraged the [Triton](https://attack.mitre.org/software/S1009) malware framework against a petrochemical organization.(Citation: Triton-EENews-2017) The malware and techniques used within this campaign targeted specific Triconex [Safety Controller](https://attack.mitre.org/assets/A0010)s within the environment.(Citation: FireEye TRITON 2018) The incident was eventually discovered due to a safety trip that occurred as a result of an issue in the malware.(Citation: FireEye TRITON 2017)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
CM-611 / 1861%
AC-310 / 1856%
CM-210 / 1856%
SI-410 / 1856%
AC-29 / 1850%
AC-69 / 1850%
CM-79 / 1850%
SI-38 / 1844%
AC-57 / 1839%
CM-57 / 1839%
IA-27 / 1839%
CA-76 / 1833%
SI-76 / 1833%
SI-25 / 1828%
CM-84 / 1822%

Co-occurring actors

None.

Similar actors

Similar TTPs