Monday, November 23, 23:59

US: Sanctions on a Russian institute for the development of Triton malware!

The US Treasury Department announced sanctions late last week on a Russian research institute allegedly involved in the development of Triton, a malware strain designed to attack industrial systems. The institute is the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics, also known as CNIIHM or TsNIIKhM.

A FireEye report released in October 2018 identified CNIIHM as the possible creator of the Triton malware. Triton, also known as Trisis or HatMan, was designed to target a specific type of industrial control system (ICS) equipment: Schneider Electric Triconex Safety Instrumented System (SIS) controllers.


According to technical reports from FireEye, Dragos and Symantec, the malware was distributed through phishing campaigns. As soon as it managed to infect a workstation, it looked for SIS controllers on the victim's network and then tried to modify the controller settings.

The researchers said that Triton contained instructions that could either shut down a production process or push SIS-controlled machines into an unsafe state, creating an explosion hazard and endangering the lives of the people who operate the machines.


The malware was first detected in 2017, after being successfully used during an intrusion into a petrochemical plant in Saudi Arabia owned by Tasnee. During the malware attack, the plant almost exploded.

Since then, the malware has targeted numerous companies around the world. In addition, the team behind it, known as TEMP.Veles or Xenotime, has targeted at least 20 U.S. power utilities, which it has been scanning for vulnerabilities.


The sanctions now imposed on the Russian research institute prohibit US entities from interacting with CNIIHM and provide for the seizure of any assets held by the institute in the US.

Treasury Secretary Steven T. Mnuchin commented on the incident, saying that the Russian government continues to carry out dangerous activities in cyberspace targeting the US and its allies. He also stressed that the US government will continue to protect the country's critical infrastructure from anyone who tries to disrupt it.

Earlier last week, the US Department of Justice filed charges against six hackers of the Sandworm team, who allegedly developed the NotPetya, KillDisk, BlackEnergy and OlympicDestroyer malware. At the same time, CISA and the FBI revealed a recent hacking campaign, behind which is the Russian team "Energetic Bear". The EU has also imposed sanctions on two Russian military intelligence officers for their role in hacking the German Parliament in 2015.

However, as several security researchers pointed out on Twitter shortly after the Treasury Department announced the sanctions, the US may not benefit from this move, as it has itself carried out attacks against industrial systems in the past, by developing the Stuxnet malware used against Iran's nuclear program in 2010.

