“Russia and Iran are looking to conduct disruptive cyber-attacks on OT [operational technology] targets in the Middle East in a bid to disrupt industrial production.”, says FireEye, a major Security Solutions provider.
Experts are predicting that the operation will involve Triton malware that targets safety systems at industrial plants and destroys physical equipment.
State-sponsored or advanced persistent threat (APT) groups such as APT33, APT34, APT35 and APT39 are from Iran and their victims belong to every sector in the Middle East.
Recent Indicators of Compromise for the Triton malware are given below.
Disruption of Industrial processes
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)