26 October 2020

US Treasury slaps sanctions on Russian Institution linked to Triton malware


The US Treasury Department announced sanctions on Friday against a Russian government research institute that it says is connected to the destructive Triton (aka HatMan or Trisis) malware designed to target industrial safety systems.

The sanctions were imposed against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM), which the US Treasury said was behind the 2017 cyber-attack involving the Triton malware on a petrochemical facility in the Middle East.

In the attack, the malicious actor attempted to tamper with the facility’s ICS controllers using the Triton malware, which was delivered via a phishing attack. However, during the attack, the facility automatically shut down after several of the ICS controllers entered a failed safe state, preventing the malware’s full functionality from being deployed.

“Researchers who investigated the cyber-attack and the malware reported that Triton was designed to give the attackers complete control of infected systems and had the capability to cause significant physical damage and loss of life,” the US Treasury said in a press release.

Last year, the attackers behind the Triton malware were also observed conducting scans and probing at least 20 electric utilities in the US for vulnerabilities.

The sanctions prohibit US entities from engaging with CNIIHM and also seize any of the research institute's US-based assets.

“As a result of today’s designation, all property and interests in property of TsNIIKhM that are in or come within the possession of U.S. persons are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Moreover, non-U.S. persons who engage in certain transactions with TsNIIKhM may themselves be exposed to sanctions,” the US Treasury said.
