US Treasury Department accuses institute of being ‘connected to’ Triton malware that targets industrial safety systems.
The United States has sanctioned a Russian government research institute, accusing it of being linked to malware that was used in an attack on a petrochemical facility in the Middle East in 2017.
The US Department of the Treasury on Friday accused the State Research Center of Russia’s Central Scientific Research Institute of Chemistry and Mechanics of being “connected to the destructive Triton malware”, which it said was designed to target industrial safety systems.
The department said the research institute was responsible for “building customized tools” that enabled the 2017 attack.
The Treasury statement did not say where exactly the petrochemical facility that was attacked was located. AFP news agency reported that it was a Saudi facility.
“The Russian government continues to engage in dangerous cyber activities aimed at the United States and our allies,” US Treasury Secretary Steven Mnuchin said in a statement.
“This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”
— Steven Mnuchin (@stevenmnuchin1) October 23, 2020
The Treasury Department said Triton malware has been used against US partners in the Middle East in recent years.
Last year, the attackers behind the malware “were also reported to be scanning and probing at least 20 electric utilities in the United States for vulnerabilities”, the department said in its statement.
“The development and deployment of the Triton malware against our partners is particularly troubling given the Russian government’s involvement in malicious and dangerous cyber-enabled activities,” it said.
The Russian embassy in Washington did not immediately respond to an email from Reuters seeking comment. Russia routinely denies allegations linking it to cyberattacks on foreign soil, the news agency said.
US officials have filed a series of indictments against hackers in Russia, China and Iran in recent weeks, levying sanctions and issuing several warnings about state-backed digital intrusions.
Experts see the flood of activity as an attempt to warn hostile powers away from interfering in the upcoming US presidential elections, which are less than two weeks away.