CyberWatchers
Feb 13, 12 tweets
According to a CISA advisory, actors associated with FSUE TsNIIKhM are responsible for developing destructive ICS malware. TsNIIKhM has also been sanctioned by the US Department of Treasury for connections to the Triton Malware.
In 2021, the US indicted an employee of the institute, Evgeny Gladkikh, for installing TRITON malware on a safety system of global energy facilities and using techniques designed to enable future damage with potentially catastrophic effects on a Schneider Electric safety system.
However, when the TRITON malware was deployed, it caused a fault that led the refinery's safety systems to initiate two automatic emergency shutdowns of the refinery's operations.
The UK FCDO also named TsNIIKhM as responsible for an incident involving safety override controls using TRITON in a Saudi petro-chemicals plant in 2017.
TRITON is custom-built malware designed to manipulate safety instrumented systems within #ICS controllers and Operational Technology, disabling the safety alarms that prevent dangerous conditions.
TsNIIKhM, Центральный научно-исследовательский институт химии и механики (Central Scientific Research Institute of Chemistry and Mechanics), celebrates the 130th anniversary of its foundation on 15 September 2024 and has been the major research institution of the Russian military.
Its formation in 1894 was associated with the creation in the Russian Empire of what was then a new industry: smokeless gunpowder manufacture.
The Institute was named the Military Chemical Research Institute (VKhNII) in 1931 and was relocated from Leningrad to Moscow in 1932. In 1937 VKhNII was renamed Scientific Research Institute No.6 (NII-6). In 1969 the institute was again rebadged and became TsNIIKhM.
In 2005, TsNIIKhM was subordinated to the Federal Technical and Export Controls Service (FTEC) when it became responsible for protecting state secrets from foreign intelligence services via technological means.
TsNIIKhM described itself as the Russian Ministry of Defense's leading research organization.
Links to several universities were formed in 2008, allowing postgraduate work for the institute's scientific personnel. Joint laboratories were created at Moscow's state university, M.V. Lomonosov, MSTU, M.E. Bauman and MAI.
More from @cyber_watchers

Feb 9
ZAO PASIT, Программно-аппаратные средства и технологии (Software, Hardware and Technologies), is a Russian tech company indicted by the US Department of Treasury. The company has a very rudimentary website which can be found at Pasit.ru.
An EO was issued by the US DOT on 15 April 2021 which included targeted sanctions against Russian tech companies, including PASIT, that had given support to Russian Intelligence Services #RIS efforts to carry out malicious cyber activities against the US.
According to the Center for European Policy Analysis (CEPA) paper "Russian Cyber Warfare: Unpacking the Kremlin's capabilities" the #SVR worked with private entities such as PASIT using its scientific production center "DELTA" as a customer.
Jan 25
St Petersburg based JSC Centrinform has a long history of involvement with the #FSB, of note, activity connected to the TURLA malware campaign. The company, which has seventeen branches, was previously a subsidiary of FSUE, STC Atlas, also known as Atlas of the FSB.
Between 2005 and 2007 the company was called FSUE Atlas of the Federal State Security Service and, according to Government documentation, under the supervision of the FSB.
The link between Centrinform and the FSB is cemented by evidence provided in the zona-media article from February 2022 based on research conducted by the radio stations Bayerischer Rundfunk and Westdeutscher Rundfunk around the TURLA malware activity.
zona.media/news/2022/02/1…
Sep 20, 2023
Here is our latest thread highlighting the links between Russian Intelligence Services (#RIS) and Russian tech companies. Today we provide some details about Research and Production Center "DELTA" and its link to the #SVR.🧵
1/10
According to freely available Federal Tax Service information the company was founded on 17 July 2003 by the Foreign Intelligence Service of the Russian Federation, better known as the SVR.
2/10
The company's ties to the SVR are supported by an online publication from 2021 in which it is reported that in 2016 Dmitriy Medvedev signed a decree of the Russian Government on the formation of Federal State Enterprise Research and Production Center DELTA
3/10
Sep 12, 2023
Here is an updated chart following further research into the attempts by Ilya Medvedovsky to obscure his attempts to avoid sanctions imposed by the US DOT on his companies Digital Security (DSEC), ERPScan and Embedi that we first highlighted in
🧵1/9
As you can see, we have a new individual that has links to the subject companies. Dmitriy Chastuhin is a security analyst specializing in SAP, who has appeared as a speaker at multiple conferences when Director of Business Application Pen testing at ERPScan. 2/9
In 2011 he also attended the Zero Nights hacker conference as a security researcher from DSEC and in 2014 spoke at CONFIDENCE 2014 representing DSEC. In 2019 Chastuhin founded Hexway and is the self-proclaimed CEO. 3/9
Aug 24, 2023
In 2018 Digital Security (DSEC), a Russian tech company, was hit with sanctions by the US DOT.
Through online research we believe we have identified a network created by its leadership, Ilya Medvedovsky, Dmitriy Evdokimov and Yevgeniya Klimina, to apparently evade these sanctions.
Sanctions were imposed on DSEC because of work conducted on a project that would increase Russia's offensive cyber capabilities for the Russian intelligence services, including the FSB. ERPScan and Embedi, subsidiaries of DSEC, were also sanctioned.
In the face of these sanctions, DSEC appears to have developed a complex network of front companies around the world to continue to operate unimpeded, an obfuscation technique that many other sanctioned entities carry out.
Jul 28, 2023
Positive Technologies (Pozitiv Teknolodzhiz) was about to become a public company when it was hit with sanctions by the US Department of Treasury. The proposed sale would have resulted in owner Yury Maksimov becoming a billionaire.
The sanctions, imposed in April 2021, were against six Russian Technology companies accused of supporting the efforts of the Russian Intelligence Services to carry out malicious cyber activities against the US, most notably the SolarWinds attack (attributed to #APT29 #CozyBear).
These sanctions hit PT particularly hard as, of the Tech companies affected, PT was the only one with international partnerships and customers, including Microsoft, IBM and Samsung.