The United States remains steadfast in countering malign cyber activities by Russian actors on behalf of the Government of the Russian Federation. Today, we designated a Russian government research institution directly connected to the destructive and life-threatening Triton malware – also known as TRISIS and HatMan– pursuant to Section 224 of the Countering America’s Adversaries Through Sanctions Act.
The Triton malware was designed to specifically target and manipulate industrial safety systems. Such systems provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect human life. Today’s designation of the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), a Russian government-controlled research institution responsible for building customized tools that enable Triton malware attacks, highlights the threat the Russian government poses to cybersecurity and critical infrastructure. In 2017, a cyber-attack using Triton malware disrupted operations at a petrochemical plant in the Middle East. Additionally, the actors behind the malware have reportedly scanned and probed U.S. facilities.
While the Russian government claims to be a responsible actor in cyberspace, it continues to engage in dangerous and malicious activities that threaten the security of the United States and our allies. We will not relent in our efforts to respond to these activities using all the tools at our disposal, including sanctions.