Campaign · all campaigns
Triton Safety Instrumented System AttackC0030 state
🇷🇺 RU
aka Triton Safety Instrumented System Attack
Run by TEMP.Veles
Last updated: 2026-07-03
About this actor
[Triton Safety Instrumented System Attack](https://attack.mitre.org/campaigns/C0030) was a campaign employed by [TEMP.Veles](https://attack.mitre.org/groups/G0088) which leveraged the [Triton](https://attack.mitre.org/software/S1009) malware framework against a petrochemical organization.(Citation: Triton-EENews-2017) The malware and techniques used within this campaign targeted specific Triconex [Safety Controller](https://attack.mitre.org/assets/A0010)s within the environment.(Citation: FireEye TRITON 2018) The incident was eventually discovered due to a safety trip that occurred as a result of an issue in the malware.(Citation: FireEye TRITON 2017)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 11 / 18 | 61% |
AC-3 | 10 / 18 | 56% |
CM-2 | 10 / 18 | 56% |
SI-4 | 10 / 18 | 56% |
AC-2 | 9 / 18 | 50% |
AC-6 | 9 / 18 | 50% |
CM-7 | 9 / 18 | 50% |
SI-3 | 8 / 18 | 44% |
AC-5 | 7 / 18 | 39% |
CM-5 | 7 / 18 | 39% |
IA-2 | 7 / 18 | 39% |
CA-7 | 6 / 18 | 33% |
SI-7 | 6 / 18 | 33% |
SI-2 | 5 / 18 | 28% |
CM-8 | 4 / 18 | 22% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Whitefly 0.32
- C0032 0.28
- Cleaver 0.27
- Blue Mockingbird 0.26
- Aoqin Dragon 0.24
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00