As mentioned Doug Olenick in his recent paper on SC MAGAZINE, cyber security researcher of FireEye has tracked the signature of Triton attack vector and has discovered that this attack had also targeted a Saudi Arabia infrastructure. Nothing important occurred as the system shut down before any dommage due to the malware activity.
This discovery shows that, even specific attack vector, could be reused any attacker to perform more than one attack and, and in a certain sense, to amortize the development costs of such “tools”. In addition, ICS seems always to be a good candidate of target for cyber activist.
See the complete article here