U.S. sanctions Russian institute linked to dangerous malware

Washington (Reuters) – Washington imposed sanctions on Friday on a Russian research institute tied to the development of a dangerous computer program capable of causing catastrophic industrial damage.

The U.S. Treasury Department alleged that the Russian government-backed Central Scientific Research Institute of Chemistry and Mechanics – also known by its Russian acronym, TsNIIKhM – was responsible for “building customized tools that enabled the attack” on an unidentified petrochemical facility in the Middle East in 2017.

The attack electrified the cybersecurity community when it was made public by researchers later that year because – unlike typical digital intrusions aimed at stealing data or holding it for ransom – it appeared aimed at causing physical damage to the facility itself by disabling its safety system.

The Treasury cited researchers who investigated the attack as saying the software involved – dubbed “Triton” – “had the capability to cause significant physical damage and loss of life.”

Treasury added that, last year, the attackers behind the Triton malware were reported to be scanning and probing at least 20 electric utilities in the United States for vulnerabilities.

The Russian embassy in Washington did not immediately respond to an email seeking comment. Russia routinely denies allegations linking it to cyberattacks on foreign soil.