US Treasury sanctions Russian research institute behind Triton malware
US Treasury sanctions Russian research institute behind Triton malware

US imposed sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM) on October 23.

A FireEye report published in October 2018 identified CNIIHM as the possible author of the Triton malware.

The Triton malware, also known as Trisis or HatMan, is a piece of malware that was designed to specifically target a certain type of industrial control system (ICS) equipment — namely, Schneider Electric Triconex Safety Instrumented System (SIS) controllers.

According to technical reports from FireEye, Dragos, and Symantec, the malware was distributed via phishing campaigns. Once it infected a workstation, it would search for SIS controllers on a victim’s network, and then attempt to modify the controller’s settings.

Researchers said Triton contained instructions that could either shut down a production process or allow SIS-controlled machinery to work in an unsafe state, creating a risk of explosions and risk to human operators and their lives.

Leave comment