Profile picture
Robert M. Lee @RobertMLee
, 8 tweets, 2 min read Read on Twitter
In plain English what does the XENOTIME (actors behind TRISIS/TRITON) info we released mean, why’d we release it, and what are the implications? Here’s a thread with my thoughts.
We didn’t release much new actually it’s just the new material is significant. The XENOTIME blog largely documents their behavior as it related to TRISIS. The new info is that the team is active in multiple locations and has moved beyond just targeting one vendor’s safety systems
That “is active” and “beyond one vendor” language should bother everyone. It means the adversary is, predictably, continuing to evolve and target safety systems outside just the Middle East and if you have any safety system you should consider the risk.
To me this is impactful because it means that engineering/operations must truly consider cyber components to safety systems. I.e. your SIS could be running and yet be entirely useless. It’s not a high probability you’ll be targeted but this isn’t an isolated threat anymore.
We published because information we shared privately was getting leaked anyway but we would have shared eventually anyway that the targeting is enhanced in scope. Nothing sensitive and just an update on an existing threat. But it’s substantial and folks should know.
The good news: it’s not about zero days and unknown tradecraft. It’s highly documented methods and tradecraft. Any level of industrial monitoring and threat detection should really not have a hard time identifying this activity. You just have to be looking.
The bad news: if you’re targeting safety systems you either intend to, or are just ok with, killing people. It doesn’t mean it’s imminent but it’s a reality. So people need to take this seriously. It’s not something we can bury our heads in the sand as a community on.
I don’t ever get hyped out and I hate FUD. But Xenotime bothers me to my core. It doesn’t need hyped because folks in the ICS security community understand the importance of this. Now we all have to go to work. And we can get it done.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robert M. Lee
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @RobertMLee see all

Profile picture
Thread: the same Bloomberg journalists that covered the Super Micro story have covered technical stories that I’ve been involved in calling out before. I have nothing to add on the Super Micro story but here’s my experience with the journalists (1/x)
There are likely other examples but the first time I remember reading anything from these journalists was the Chattanooga APT story where a cybersecurity company pitched them “ICS honeypots” (opening ICS ports shouldn’t be considered ICS honeypots) and connections to them.
The story can be found here bloomberg.com/news/2014-09-3… and essentially (before its correction) was extremely hyped up and biased while pushing you could do attribution based off IP addresses alone. If positioned Chattanooga as a hub of cyber attacks on ICS
Read 16 tweets
Profile picture
Thread: It’s easy to understand why people come to the conclusion that Russia and China have “implants” to cause blackouts buried throughout our grid. It’s not true though. A few thoughts...
First, if you read the articles and click through to the stories they cite. The claim is actually never supported. Specifically this notion that there are hundreds of utilities with malware waiting to br activated to cause blackouts. Legitimately isn’t even sourced
So the burden of proof is entirely on the authors. The rest of us don’t have to disprove anything - the claim isn’t supported. Unfortunately, hype spirals and spreads quickly. So let’s diagnose a few key points.
Read 14 tweets
Profile picture
The warnings of the threats are extremely important as they are becoming more frequent. But much of the language in these articles is not helpful and often misleading
As an example this article, and many like it, use subtle word choices like noting that penetrating the control centers was “easy” and that it was “hundreds of victims” but not necessarily hundreds of control centers which is what they’re referring to when discussing “black outs”
Then there’s the almost mocking note that supposedly these networks were supposed to be air gapped; except no one serious in the discussion considers control centers for electric grid functionality air gapped. It’s subtle but positions that this is a shock but it’s not
Read 8 tweets

Related threads

Profile picture
STRATEGY TO 10X YOUR SALES IN 2019!

If you run any kind of business that requires sales of product or service, gather here on this #thread.

Let me show you how to increase your sales.

Powered by #SideHustleWithAbbey
It’s no more doubt every business has gotta get online and maximize the traffic that exists on the internet, but the truth is...

So many businesses are still finding it difficult harnessing the online presence.

Now, it’s not by merely putting your business on social media or
..having a fanpage, yes those are good BUT are not better let alone best.

So what are these strategies????

Simple! I’m going to make this very short and concise - straight to the point.

I’m going to be using example of one business I love the way the owner is pushing...
Read 21 tweets
Profile picture
BedsForFans.com - Couch surfing for Travelling Fans!

I am going to finish off the Build and Launch of @BedsForFans in next 10 Days 🔥 (rather it is just 9 days left as of today!)

I will build/Launch it in open with daily updates here! Follow this #Thread #BedsForFans!
You could also follow my journey at @GetMakerlog - getmakerlog.com/@sainathkm!
Day 1 (16.12.2018) Completed! #BedsForFans

✅ List Home Page Step based Form
✅ Approve/Reject Home Request
✅ Cancellation of other Request wrt single Approval
✅ User Profile Update Info Bar
✅ Restrict Home Request to max 2
✅ Show Request which is pending decisions
Read 17 tweets
Profile picture
Here’s a #thread about #judges and #judges’ opinions. I don’t want to name names. I’m hoping Twitterland will get the word out. It’s important, to that small audience at least. It’s about a lack of awareness and humility 1/
So there’s this emerging cadre of judges who write opinions that seem clever and erudite and get some adoring attention. But here’s the thing. At a conference of pretty bright academics of various persuasions and we have two things we seem to all think about those opinions 2/
The first is a little catty; the second is deadly serious. They both matter. (And I’m not naming names of judges or academics but you know who you are.) 3/
Read 8 tweets
Profile picture
#Thread: Rough translation on Rajini's recent statement on RMM activities.

I'd like to clarify the false rumors stating RMM works are happening without my permission. All activities regarding RMM are happening with my knowledge & permission.

#RajinikanthPoliticalRevolution
Already by last year May month, I said that "I won't allow people near me who have thoughts of getting posts & earning money when I enter politics. So, those people stay away right now."

#RajinikanthPoliticalRevolution #Thread #Rajinikanth
Didn't say it for word-sake. We are entering politics to bring out a new political culture for a good political change. If we've to do politics like others, why should we enter politics?

#RajinikanthPoliticalRevolution #Thread #Rajinikanth
Read 15 tweets
Profile picture
Today, I found out that some young people I know (ages 15 and 16) are in 'school' Whatsapp groups with teachers.

I salute the dedication of teachers who go beyond, but I think this a very dangerous breach of privacy / work-play balance, and must be stopped.

Here's why: #Thread
1) You cannot join a Whatsapp group without revealing your phone number. This is an immediate risk for minors - the room for abuse is so large I'm stunned that schools allow this. Pedophilia, sexual predation, grooming - all possible when adults have kids' phone numbers.
2) There is also risk of harassment by other kids. I remember my friends in high school (esp girls) who kept phone numbers very private, because they didn't want to be constantly bombarded.

When a teacher makes you join, there's no opt out. Everyone gets your phone number.
Read 13 tweets
Profile picture
The Creators of the World’s Misfortunes
by Joseph Goebbels
"One could not understand this #war if one did not always keep in mind the fact that International J//ewry stands behind all the unnatural forces that our united enemies use to attempt to deceive the world and keep humanity in the dark.
"It is, so to speak, the mortar that holds the enemy coalition firmly together, despite its differences of class, ideology, and interests.
Read 87 tweets

Trending hashtags

#misfortunes #np #Microsoft #Germany #Churchill #providence #peoples #ThirdTerm #learning #marriage #soldier #freedom #TrumpLiesMatter #MachineLearning #crimes #expel #Sabarimala #dying #danger #DigitalIndia #impoverished #broadcasts #blockchain #JimCrow #Wow

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!