TEMP.Veles

Actor Type: Nation State
Attributed to Nation: Russia
Directly Linked Intrusion Sets: XENOTIME
Associated Threat Actor: Russian Central Scientific Research Institute of Chemistry (CNIIHM)

TEMP.Veles is the name given by Mandiant (formerly FireEye Intelligence) to the intrusion set that deployed the TRITON malware, which impacted industrial control systems (ICS) at a critical infrastructure facility.

FireEye researchers linked the group to the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), which is reportedly a Russian government-sponsored research institute in Moscow.

TEMP.Veles Threat Reports

Report

TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers

This blog post by FireEye Intelligence outlines how they attributed TEMP.Veles to a Russian government-sponsored research institute, CNIIHM. ...

References