Last Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated, pursuant to Section 224 of the Countering America’s Adversaries Through Sanctions Act (CAATSA), a Russian government research institution that is connected to the destructive Triton malware. In 2018 FireEye stated it exposed strong connections between Triton malware and the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a research organization owned by the Russian government. Triton malware attacks industrial control systems (ICS) and can affect safety protocols during an emergency situation. OFAC has described Triton as “the most dangerous activity publicly known.” The treasury department now says CNIIHM is responsible for the development of customized tools that were used in a 2017 Triton attack on a Saudi Arabian petrochemical facility. The sanctions against CNIIHM will prohibit American organizations from engaging with the Moscow based research institute.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in