We're sorry but your browser is not supported by Marsh.com.au

For the best experience, please upgrade to a supported browser:


Research and Briefings

Triton – The Deadly New Industrial Cyberweapon


The lines between the digital and the physical world are becoming increasingly intertwined and the effects of viruses and malware which have previously been confined to cyberspace are now having physical consequences in the real world.

Triton is the ‘new kid’ on the malware block. It was first spotted in 2017 when it was used against a petrochemical plant owned by Tasnee in Saudi Arabia[i]. Also known as Trisis, it has been engineered to target a specific type of industrial control system (ICS), namely the Triconex safety instrumented systems (SIS) controllers developed by Schneider Electric.[ii]

The Triton malware is especially concerning as the sole purpose of the code is to, via these SIS systems, cause process shutdowns and tamper with emergency controls – in particular the failsafe functions that prevent catastrophic industrial accidents.

In this client briefing, our Cyber team outlines:

  • how the Triton hackers operated in the case of the Tasnee Plant;
  • industries that could be in the crosshairs and;
  • pre-emptive measures that organisations can take today.

[i] Perlroth, N. and Krauss, C. (2018). A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.. [online] Nytimes.com. Available at: https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html [Accessed 6 Jun. 2019].

[ii] Osborne, C. (2019). Triton hackers return with new, covert industrial attack | ZDNet. [online] ZDNet. Available at: https://www.zdnet.com/article/triton-hackers-return-with-new-industrial-attack/ [Accessed 6 Jun. 2019].

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) arrange insurance and are not an insurer. Any statements concerning legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as legal advice, for which you should consult your own professional advisors. This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy.  Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.