Russian Central Scientific Research Institute of Chemistry (CNIIHM)

Actor Type	Nation State
Attributed to Nation	Russia
Associated Intrusion Sets	TEMP.Veles

The Central Scientific Research Institute of Chemistry (CNIIHM) is identified by FireEye intelligence as 'a Russian government-owned technical research institution located in Moscow'.

CNIIHM has been linked to the deployment of the TRITON malware at a critical infrastructure facility in the Middle East by the group FireEye/Madiant refer to as TEMP.Veles.

According to the US Department of the Treasury CNIIHM is also known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM).

Cyber Threat Graph Context

Explore how this cyber threat actor relates to the wider threat graph

Russian Central Scientific Research Institute of Chemistry (CNIIHM) Threat Reports

Report

TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers

This blog post by FireEye intelligence outlines how they attributed TEMP.Veles to a Russian government sponsored research institute - CNIIHM. ...

View Source

References

www.mandiant.com

https://www.mandiant.com/resources/blog/triton-attribution-russian-government-owned-lab-most-likely-built-tools

ofac.treasury.gov

https://ofac.treasury.gov/recent-actions/20201023