Triton, also called Trisis, has targeted industrial control systems in Mideast. Researchers at FireEye link malware to Russian state-sponsored hackers. Malware first came to light after a disruptive critical-infrastructure attack on Saudi oil giant Petro Rabigh in 2017. Researchers say it is the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, this time at an undisclosed company in the Middle East. In this second attack, the adversaries were lurking in the target network for almost a year before gaining access to a engineering workstation.
Source: https://threatpost.com/triton-ics-malware-second-victim/143658/