US imposes sanctions on Research Institute of Chemistry and Mechanics over Triton malware

The United States has imposed sanctions on a Russian research institute in connection with cyberattacks on the security systems of chemical plants. The administration of US President Donald Trump is confident that the Central Research Institute of Chemistry and Mechanics (TsNIIHM) is responsible for cyberattacks on the critical infrastructure of US allies in the Middle East. This was reported on the website of the US Treasury Department.

New sanctions against Russia

The US Treasury on Friday announced sanctions against a Russian government research institution linked to a malware system “designed specifically to target and manipulate industrial security systems.”

However, the United States noted that the sanctions against Russia on Friday were not related to election interference. The charges were brought under a section of the Countering America’s Adversaries Through Sanctions Act (CAATSA).

According to the Treasury Department, the State Research Center of the Russian Federation FSUE Central Research Institute of Chemistry and Mechanics (TsNIIHM) supported a cyberattack in August 2017 that used the Triton malware against a petrochemical facility in the Middle East.

“The TRITON malware was designed to disable the last line of defense in industrial systems, allowing the hackers who control those systems to make things very dangerous,” John Hultquist, senior director of FireEye, told CNN on Friday. “Without the safety systems that TRITON uses, human life is in danger.”

“The Russian government continues to engage in dangerous cyber activities directed against the United States and our allies,” Treasury Secretary Steven T. Mnuchin said in his latest statement. “The presidential administration will continue to aggressively defend the critical infrastructure of the United States from anyone who tries to disrupt it.”

The cyberattack, which was announced in the US on Friday evening, allowed the US to impose sanctions on the Central Research Institute of Chemistry and Mechanics, described in the documents as “a government agency located in Moscow that was previously associated with Triton by the American cybersecurity firm FireEye Inc.” US researchers have linked Triton, discovered in 2017, to an attack on a Saudi petrochemical plant. As a result of this attack, the safety shutdown system, which was considered critical to protecting against catastrophic events, was disrupted and disabled, leading to an investigation that revealed the malware.

What virus are we talking about?

John Hultquist, director of intelligence analysis at FireEye, said that Triton, also known as Trisis, was “potentially the most dangerous tool we have ever encountered” due to its ability to disrupt factory safety systems with deadly consequences.

According to Mr. Hultquist, Triton hacked production control systems in many countries in the Middle East, and Russia was seen attacking American systems as well, although none of these operations led to successful incursions.

“The Triton malware was designed specifically to target and manipulate industrial security systems,” said Secretary of State Mike Pompeo. “Such systems provide safe emergency shutdown of production processes at critical infrastructure facilities in order to protect human life.”

“While the Russian government claims to be a responsible player in cyberspace, it continues to engage in dangerous and malicious activities that threaten the security of the United States and our allies. We will not slacken our efforts to respond to these actions using all the tools at our disposal, including sanctions,” he concluded.

How did Russia respond to the accusations?

The Russian Ambassador called the US sanctions against the Research Institute of Chemistry illegitimate. Anatoly Antonov said that Russia does not conduct offensive operations in the cyber sphere, “unlike the United States,” and urged the United States to abandon “unfounded attacks.” In Washington, it is believed that the Research Institute of Chemistry and Mechanics was involved in the hacker attack.

“We completely reject the charges brought by the administration against the Federal State Unitary Enterprise “Central Scientific Research Institute of Chemistry and Mechanics”. We again emphasize the illegitimacy of any unilateral restrictions,” the ambassador said. His answer is posted on the embassy’s Facebook page.

Antonov again called on the United States to “abandon the vicious practice of unfounded attacks.” “We proceed from the fact that the interests of our countries are in line with a professional dialogue on international information security, which the President of the Russian Federation Vladimir Putin proposed to restore,” the ambassador concluded.

What will the sanctions lead to?

As a result of the sanctions, “all property and interests in the property of TsNIIHM, which are or are in the possession of US citizens, are blocked, and US persons are generally prohibited from performing transactions with them. In addition, any legal entities 50 percent or more owned by one or more of the specified entities are also blocked. Moreover, non-American persons who participate in certain transactions with TsNIIHM may themselves be subject to sanctions.”