1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
PoliticsEurope

US sanctions Russian research institute over malware

October 24, 2020

Washington has blocked a Russian research center for allegedly building tools that would enable a dangerous computer program capable of causing mass industrial damage. Moscow has slammed the accusations as baseless.

An image showing a laptop screen with lines of code
Image: picture alliance / Alexey Malgavko/Sputnik/dpa

The United States has imposed sanctions on a Russian government research institute it claimed had developed tools enabling a cyberattack on an undisclosed Middle Eastern petrochemical company in 2017.

In a statement on Friday, the US Treasury Department said Russia's Research Institute of Chemistry and Mechanics (TsNIIKhM) had supported the attack, which used Triton malware to target the company's critical infrastructure.

"The Russian government continues to engage in dangerous cyber activities aimed at the United States and our allies," said Treasury Secretary Steven Mnuchin. "This administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it."

Read moreGermany mulling economic sanctions against Russia. Do they actually work?

Washington said TsNIIKhM was responsible for "building customized tools that enabled the attack" on the facility that resulted in major industrial damage.

Triton is specially developed to target industrial plants and security systems. Experts warned the malware appeared to cause physical damage to the facility itself by disabling its safety system

'​​Unfounded accusations' 

In response to the sanctions, Moscow urged Washington to abandon the "vicious practice of unfounded accusations," calling the sanctions illegitimate.

"We emphasize once again the illegitimacy of any one-sided restrictions. Russia, unlike the United States, does not conduct offensive operations in cyber domain," Anatoly Antonov, Russia's ambassador to the US, said on social media.

TsNIIKhM has been blocked from carrying out any business with US citizens, and non-US citizens or firms that do business with TsNIIKhM could be exposed to sanctions as well.

The Treasury's statement, though not specific, appeared to be referring to an attack on a Saudi oil refinery in mid-2017.

Washington said researchers who had investigated the 2017 attack found the malware was "designed to give the attackers complete control of infected systems and had the capability to cause significant physical damage and loss of life."

The US has filed a series of indictments against hackers in Russia, China and Iran in recent weeks, imposing sanctions and issuing several warnings.

mvb/sms (dpa, Reuters, AFP)

Skip next section Explore more
Skip next section DW's Top Story

DW's Top Story

Skip next section More stories from DW