
U.S. Sanctions Russian Research Institution Tied to Malware That Targets Industrial Systems

By RFE/RL October 23, 2020

The United States has sanctioned a Russian government research institute connected to the development of computer malware capable of targeting industrial safety systems and causing catastrophic damage.

The U.S. Treasury Department announced on October 23 that the Central Scientific Research Institute of Chemistry and Mechanics--also known by its Russian acronym TsNIIKhM--has been added to the sanctions list.

It said the institute is "connected to the destructive Triton malware" designed to target and manipulate industrial safety systems that provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect human life.

The cyber actors behind the Triton malware have been referred to by the private cybersecurity industry as "the most dangerous threat activity publicly known," the Treasury Department said in a news release.

"The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies," said Treasury Secretary Steven Mnuchin. "This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it."

The Treasury Department said the malware was deployed using phishing techniques against a U.S. partner in the Middle East in August 2017 in an attack against an unidentified petrochemical facility. TsNIIKhM was "responsible for building customized tools that enabled the attack," the department said.

The attack raised concern among the cybersecurity community when it was made public because, unlike typical intrusions aimed at stealing data or holding data for ransom, it appeared aimed at causing physical damage to the facility by disabling its safety system.

"Researchers who investigated the cyberattack and the malware reported that Triton was designed to give the attackers complete control of infected systems and had the capability to cause significant physical damage and loss of life," the Treasury Department said.

It added that in 2019 the attackers behind the Triton malware were reported to be probing at least 20 electric utilities in the United States for vulnerabilities.

The press office of the Russian Embassy in Washington did not respond to an e-mail from RFE/RL seeking comment. Russia routinely denies allegations linking it to cyberattacks.

The sanctions ban Americans or U.S.-based organizations from doing business with the designated institution and freeze any assets it might have in U.S. jurisdiction.

With reporting by Reuters and AFP.

Source: research-institution-tied-to-malware-that -targets-industrial-systems/30909578.html

Copyright (c) 2020. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
