Three years after a potentially devastating cyberattack on an oil refinery in Saudi Arabia, the US government has imposed sanctions on a Russian research centre. The US Treasury Department announced on Friday (local time) that the attack software, known under the name Triton, was used by the Institute for Chemistry and Mechanics. The sanctions will prevent the Moscow facility from doing business with US individuals and companies, among other things.
Triton is one of the few malware programs known to date that was specially developed for attacks on industrial plants. The software was rated by experts as particularly dangerous because it targets the security components of the systems.
This could lead to the destruction of entire systems, warned the IT security company FireEye, which analyzed the software after the 2017 attack. In October 2018, Fireeye established a connection to the Moscow institute, from whose network Triton had been tested. During the attack in summer 2017, the control systems of the Saudi oil refinery went down.
According to the findings of the IT security company Dragos, the Triton developers also researched energy infrastructure in the USA in 2019.
Russian Government Denial All Allegation
The Russian Ambassador to Washington, Anatoly Antonov, rejected the allegations made by the US authorities. Unilateral sanctions are unlawful. Antonov demanded to end the constant attacks against Russia. Unlike the US, Russia does not carry out attacks in the cybersphere.
Such harmful actions on the Internet contradict the principles of Russian foreign policy and national interests as well as the understanding of international contacts, he said.
Other known attacks on industrial infrastructure were the Stuxnet attack on centrifuges for uranium enrichment in the Iranian nuclear weapons program more than a decade ago, as well as the use of malware in 2016 in Ukraine, in which the energy supply was interrupted in parts of Ukraine.
Beautiful one