The Treasury Department has sanctioned a Russian government research lab for developing the Triton malware designed to manipulate safety systems at critical infrastructure facilities. Treasury has frozen the lab's assets in the United States and prohibited U.S. persons from engaging in transactions with it.
More from Treasury:
- Treasury said the lab, the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), was behind a 2017 attack on a petrochemical facility in the Middle East.
- TsNIIKhM launched a phishing attack against the petrochemical facility, which successfully deployed the malware onto its systems.
- During the attack, the facility shut down after several of its industrial control systems entered a fail-safe state, preventing the malware’s full functionality from being deployed.
- The Triton attackers were also reported to be scanning and probing at least 20 electric utilities in the U.S. for vulnerabilities.