Oil and gas industry and sunrise at a Fujian refinery
Russian nationals accused of using life-threatening malware specifically designed to tamper with critical safety mechanisms in a petrochemical plant have been sanctioned by the U.S. Treasury Department.
The attack generated significant concern as it is the first time hackers have used malware that can result in death or injury. That prospect might indeed have materialized had it not been for a fortunate series of events. The hackers, who were linked to a Moscow-based Russian government research laboratory, also targeted a second facility and were caught scanning US power grids.
Now the Treasury Department is sanctioning the group known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute for Chemistry and Mechanics, or by its Russian abbreviation TsNIIKhM. Under a provision in the Countering America's Adversaries Through Sanctions Act [CAATSA], the United States designates the center for "knowingly engaging in significant activities undermining cybersecurity against any person, including any democratic institution, or government on behalf of the government of the Russian Federation."
Dangerous cyber activities
"The Russian government continues to engage in dangerous cyber activities against the United States and our allies," Treasury Secretary Steven T. Mnuchin said in a press release released on Friday. "This administration will continue to aggressively protect the critical infrastructure of the United States from anyone who tries to disrupt it."
As part of the sanctions, any TsNIIKhM property that is held or controlled by a US person will be blocked, and US persons are generally prohibited from transacting with the group. In addition, any legal entity that is 50 percent or more owned by the center will also be blocked. Persons outside of the United States who transact with TsNIIKhM may themselves be subject to penalties.
The malware used in the attack on the petrochemical plant was of particular concern because it targeted systems known as safety instrumented systems. An SIS is a combination of hardware and software used at critical infrastructure sites to prevent unsafe conditions from developing. For example, if fuel gas pressure or reactor temperatures rise to potentially unsafe thresholds, an SIS automatically closes valves or initiates cooling processes to prevent accidents that could harm health or threaten lives. The malware is commonly known as Triton or Trisis because it targets Schneider Electric's Triconex product line.