The U.S. Treasury has sanctioned a Russian government research institution that is connected to the destructive Triton malware.
This was announced in an October 23 press release on the U.S. Treasury's website.
Read alsoMicrosoft records over 13,000 gov't-supported cyber attacks over two years, most originating in Russia"Today, the Department of the Treasury's Office of Foreign Assets Control (OFAC) designated, pursuant to Section 224 of the Countering America's Adversaries Through Sanctions Act (CAATSA), a Russian government research institution that is connected to the destructive Triton malware," the press release said.
The Triton malware – known also as TRISIS and HatMan in open source reporting – was designed specifically to target and manipulate industrial safety systems. Such systems provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect human life. The cyber actors behind the Triton malware have been referred to by the private cybersecurity industry as "the most dangerous threat activity publicly known."
"The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies," said Secretary Steven T. Mnuchin. "This Administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it."
In recent years, the Triton malware has been deployed against U.S. partners in the Middle East, and the hackers behind the malware have been reportedly scanning and probing U.S. facilities.