The US Treasury Department on Friday announced sanctions on a Russian government research institution linked to a malware system “designed specifically to target and manipulate industrial safety systems.”
Friday’s sanctions are not related to election interference, and the designation was made under a section of the Countering America’s Adversaries Through Sanctions Act (CAATSA).
According to Treasury, the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) supported an August 2017 cyberattack involving the Triton malware on a petrochemical facility in the Middle East.
“TRITON malware was designed to disable the last line of protection in industrial systems making it possible for hackers with control of those systems to make things very dangerous,” John Hultquist, a senior director at FireEye, told CNN Friday. “Without the safety systems that TRITON overruns, human life is in danger.”
Secretary of State Mike Pompeo echoed this assessment in a statement about the sanctions Friday.
“The Triton malware was designed to specifically target and manipulate industrial safety systems. Such systems provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect human life,” he said. “Today’s designation of the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), a Russian government-controlled research institution responsible for building customized tools that enable Triton malware attacks, highlights the threat the Russian government poses to cybersecurity and critical infrastructure.”
Pompeo said the US “remains steadfast in countering malign cyber activities by Russian actors on behalf of the Government of the Russian Federation.”
“While the Russian government claims to be a responsible actor in cyberspace, it continues to engage in dangerous and malicious activities that threaten the security of the United States and our allies.”
“We will not relent in our efforts to respond to these activities using all the tools at our disposal, including sanctions,” he said.
As a result of the sanctions, “all property and interests in property of TsNIIKhM that are in or come within the possession of U.S. persons are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Moreover, non-U.S. persons who engage in certain transactions with TsNIIKhM may themselves be exposed to sanctions.”