Treasury sanctions Russian government institute for malware

The U.S. Treasury Department said Friday it would sanction a Russian government research institute connected to a piece of malicious software.

The malware, called Triton, was designed to “target and manipulate industrial safety systems,” Treasury said in a statement. The State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics supported an August 2017 cyber-attack on an unidentified petrochemical facility in the Middle East using the malware, Treasury said.

“The Russian Government continues to engage in dangerous cyber-activities aimed at the United States and our allies,” Treasury Secretary Steven Mnuchin said in the statement. “This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

Under the sanctions, all U.S.-based assets of the research institute “are blocked,” and Americans are prohibited from engaging with the organization. Also, any majority owned subsidiaries of the research institute are “blocked,” according to the Treasury Department’s statement.

The sanctions came two days after the U.S. accused Iran and Russia of targeting voters in election meddling operations, and a day after the Treasury Department sanctioned five Iranian entities, including the Islamic Revolutionary Guard Corps, for their role in disseminating disinformation aimed at misleading U.S. voters.

Treasury’s actions deliver long-awaited punishment to a Russian entity that helped deliver a near-fatal cyber-attack in the Middle East in 2017, said Rob Lee, founder of the industrial security firm Dragos Inc.. The facility under attack automatically shut down after many of its industrial control systems entered into a failed safe state, preventing the malware’s full functionality from being deployed, according to the Treasury Department.

Researchers concluded that Triton was designed to not only usurp control of the infected devices but was capable of inflicting physical damage and loss of life by causing explosions.

“Seeing the government use sanctions and its tools of power focused on a foreign government and its institutions instead of just naming and shaming individuals is a very positive step,” Lee said. Noting that the attack targeted civilian infrastructure and human life, he added, “We are very fortunate people didn’t die as the adversary had intended. Sending a strong message with multiple tools of power is exactly what I’d hope to see from governments around the world.”