In plain English what does the XENOTIME (actors behind TRISIS/TRITON) info we released mean, why’d we release it, and what are the implications? Here’s a thread with my thoughts.

We didn’t release much new actually it’s just the new material is significant. The XENOTIME blog largely documents their behavior as it related to TRISIS. The new info is that the team is active in multiple locations and has moved beyond just targeting one vendor’s safety systems

That “is active” and “beyond one vendor” language should bother everyone. It means the adversary is, predictably, continuing to evolve and target safety systems outside just the Middle East and if you have any safety system you should consider the risk.