Serviceteam IT Security News

The United States Treasury has imposed sanctions on a Russian state-funded research institute that was linked to malware used in an attack on a Middle East petrochemical facility.

In October 2018, researchers at FireEye attributed industrial control system (ICS) intrusion activity known as TRITON to a professor at the Moscow-based Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM). The malware is also known as TRISIS and HatMan in open-source reporting.

TRITON was deployed against a Saudi Arabian petrochemical facility in August 2017, where it was observed targeting emergency shutdown capabilities for industrial processes. 

Researchers who investigated the cyber-attack reported that the malware was designed to give the attackers complete control of infected systems and had the capability to cause significant physical damage and loss of life. 

The Treasury Department said that CNIIHM built customized tools that enabled the assault, producing malware designed to tamper with the facility’s critical safety mechanisms.  

“The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies,” said Secretary Steven Mnuchin. “This Administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

In a designation released October 23, the department said that the institute is “connected to the destructive TRITON malware” which “was designed specifically to target and manipulate industrial safety systems.”

According to the department, TRITON’s operators had turned their attention to targets in the United States. 

“In 2019, the attackers behind the Triton malware were also reported to be scanning and probing at least 20 electric utilities in the United States for vulnerabilities,” said the department.

As a result of the sanctions on CNIIHM, people in the United States are prohibited from engaging in transactions with the institute. 

“While the Russian government claims to be a responsible actor in cyberspace, it continues to engage in dangerous and malicious activities that threaten the security of the United States and our allies,” said US Secretary of State Mike Pompeo.

“We will not relent in our efforts to respond to these activities using all the tools at our disposal, including sanctions.”

Source: Infosecurity Magazine
