Malicious computer code used in a cyberattack against a petrochemical plant in Saudi Arabia has been linked by U.S. researchers to a research institute owned by the Russian government.

The malware used in the intrusion, which gained control over a safety shut-off system, was widely suspected to be built by a so-called nation-state actor when it emerged publicly last year. But the new research, published Tuesday by FireEye Inc., is the first to link the attack to Russia, whose digital probing of critical infrastructure over...