Treasury sanctions Russian group accused of targeting critical facilities

The Treasury Department’s Office of Foreign Assets Control on Friday sanctioned a Russian government research institution for alleged use of a dangerous malware virus to target critical infrastructure facilities in the U.S. and in the Middle East.

The sanctions were levied against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics, or TsNIIKhM, which, according to the Treasury Department, used a malware virus known as “Triton” to target and manipulate control systems used to shut down critical infrastructure facilities in the event of an emergency in order to save lives.

The Triton malware was used by hackers in 2017 to target a petrochemical plant in the Middle East, successfully disrupting operations, and again last year to scan and probe at least 20 U.S. electric facilities for cyber vulnerabilities.

“The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies,” Treasury Secretary Steven Mnuchin said in a statement Friday.

“This Administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

Secretary of State Mike Pompeo said in a separate statement that “the United States remains steadfast in countering malign cyber activities by Russian actors on behalf of the Government of the Russian Federation.”