
Renew Deal

Wed Jan 17, 2018, 04:44 PM

Machine (nuclear, oil, gas, paper) destroying cyberweapon got posted to the internet

Trisis has mistakenly been released on the open internet

An elite, government authored cyberweapon has been sitting online in public view for nearly anyone to copy since Dec. 22 because multinational energy technology company Schneider Electric mistakenly posted a sensitive computer file to VirusTotal, three sources familiar with the matter told CyberScoop.

Schneider Electric obtained the file in question, titled “Library.zip,” after collecting evidence during a data breach investigation in the Middle East that focused on an incident at an oil and gas refinery. Library.zip holds the backbone of a dangerous malware framework known as “Trisis” or “Triton,” according to research by U.S. cybersecurity companies Dragos Inc. and FireEye.

The upload to VirusTotal, a public malware repository, provided the remaining puzzle piece needed for someone to reconstruct Trisis from publicly available artifacts. After being posted to VirusTotal, Library.zip proliferated — it was picked up and re-uploaded to various platforms, including GitHub and VirusTotal.

Experts say the unique malware was carefully designed to manipulate safety controllers produced by Schneider Electric that essentially manage industrial equipment in nuclear power plants, oil and gas production facilities, and paper mills. It is just the fifth known malware variant capable of forcing physical damage by taking over industrial control systems (ICS). Trisis could be used by hackers to force a Schneider Electric safety instrumented system (SIS) to malfunction, leading machinery to break down or even explode.

According to analysts with FireEye, Symantec and Dragos, Trisis is likely the work of a nation-state.
<snip>

https://www.cyberscoop.com/trisis-virus-total-schneider-electric