US sanctions Russian research institute over suspicious malware

World Saturday 24/October/2020 14:51 PM
By: DW
US sanctions Russian research institute over suspicious malware

The United States has imposed sanctions on a Russian government research institute it claimed had developed tools enabling a cyberattack on an undisclosed Middle Eastern petrochemical company in 2017.

In a statement on Friday, the US Treasury Department said Russia's Research Institute of Chemistry and Mechanics (TsNIIKhM) had supported the attack, which used Triton malware to target the company's critical infrastructure. 

"The Russian government continues to engage in dangerous cyber activities aimed at the United States and our allies," said Treasury Secretary Steven Mnuchin. "This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it." 

Washington said TsNIIKhM was responsible for "building customized tools that enabled the attack" on the facility that resulted in major industrial damage. 

Triton is specially developed to target industrial plants and security systems. Experts warned the malware appeared to cause physical damage to the facility itself by disabling its safety system. 

'​​Unfounded accusations'

In response to the sanctions, Moscow urged Washington to abandon the "vicious practice of unfounded accusations," calling the sanctions illegitimate.

"We emphasize once again the illegitimacy of any one-sided restrictions. Russia, unlike the United States, does not conduct offensive operations in cyber domain," Anatoly Antonov, Russia's ambassador to the US, said on social media. 

TsNIIKhM has been blocked from carrying out any business with US citizens, and non-US citizens or firms that do business with TsNIIKhM could be exposed to sanctions as well. 

The Treasury's statement, though not specific, appeared to be referring to an attack on a Saudi oil refinery in mid-2017. 

Washington said researchers who had investigated the 2017 attack found the malware was "designed to give the attackers complete control of infected systems and had the capability to cause significant physical damage and loss of life." 

The US has filed a series of indictments against hackers in Russia, China and Iran in recent weeks, imposing sanctions and issuing several warnings.