The Treasury Department's Office of Foreign Assets Control sanctioned a Russian government research institution linked to Triton malware targeting industrial safety systems, the first time the U.S. took such an action for an industrial control system attack.
Treasury Secretary Steve Mnuchin called out the Russian government for continuing “to engage in dangerous cyber activities aimed at the U.S. and its allies.” The State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics built the tools behind a 2017 Triton attack on a petrochemical facility in the Middle East.
The malware, also known as Trisis and Hatman, has been used against U.S. partners in the Middle East, and the agency said in a release that Triton hackers have been reportedly scanning and probing U.S. facilities.
"An OFAC sanction by the U.S. Treasury is significant and compelling; not only will it impact this research institution in Russia, but anyone working with them will have their ability to be successful on the international stage severely hampered,” said Robert Lee, CEO and co-founder of Dragos, Inc.
“The most important aspect of this development, however, is the attribution to Russia for the Trisis attack by the USG officially and the explicit call out of industrial control systems in the sanction,” said Lee. “This is a norm setting moment and the first time an ICS cyberattack has ever been sanctioned.”
He called the sanction “entirely appropriate” since the cyberattack on the petrochemical attack “was the first ever targeted explicitly towards human life. We are fortunate no one died and I'm glad to see governments take a strong stance condemning such attacks."