The United States imposed sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM) on October 23.
The U.S. Treasury Department alleged that CNIIHM was responsible for “building customized tools that enabled the attack” on an unidentified petrochemical facility in the Middle East in 2017.
Triton is malware designed specifically to target one type of industrial control system (ICS) equipment: Schneider Electric Triconex Safety Instrumented System (SIS) controllers.
Nathan Brubaker, an analyst with cybersecurity company FireEye – which discovered the software involved – said the apparent intent made it uniquely dangerous because disabling safety systems at a plant like that one could lead to serious consequences, such as a fire or an explosion.
“The acute nature of the threat is what makes it scary,” Brubaker said. “Blowing things up and killing people – that’s terrifying.”