US sanctions Russian government institution tied to malware
2020-10-23 18:45 by Daniela
Tags: malware, Triton
The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment.
The Triton malware was used by hackers in 2017 to target a petrochemical plant in the Middle East, successfully disrupting operations, and again last year to scan and probe at least 20 U.S. electric facilities for cyber vulnerabilities.
The first attack on Petro Rabigh, in August 2017, compromised industrial controllers made by Schneider Electric, which keep equipment operating safely by regulating voltage, pressure and temperature. Russian hackers used their access to shut off the safety locks in those controllers, leading investigators to believe the attack was most likely intended to cause an explosion that would have killed people.
"The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies," Treasury Secretary Steven Mnuchin said in a statement Friday. "This Administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it."
Friday's sanctions against Russia cap a busy week for U.S. cyber defenses. On Wednesday, federal officials claimed that Iranian threat actors were behind two separate email campaigns that assailed Democratic voters this week with threats to "vote for Trump or else." The campaigns claimed to be from violent extremist group Proud Boys.
On Thursday, the Trump administration claimed Iran and Russia hacked local governments and obtained voter registration and other personal data, as first reported by NBC News. On Tuesday, the National Security Agency released an advisory warning that Chinese state-sponsored actors were exploiting 25 publicly known vulnerabilities. On Monday, the Department of Justice announced charges against six Russian nationals who are allegedly tied to the Sandworm APT.