Four Russians indicted in US for energy sector hacks

25 Mar 2022 12:33pm
The Department of Justice building in Washington, DC. - AFP
The Department of Justice building in Washington, DC. - AFP

WASHINGTON - Four Russian agents have been indicted in the United States for hacking attacks targeting the energy sector around the world, including a US nuclear power operator, the Justice Department said Thursday.

The Russian hackers targeted thousands of computers at hundreds of companies in 135 countries between 2012 and 2018, the department said.

The Justice Department said the targets included a nuclear power facility in the US state of Kansas.

A Saudi petrochemical plant was also attacked in 2017 using the type of malware attributed to the Russian hackers.

According to the Justice Department, the Russians were employed by a Russian Ministry of Defense research institute and Russia's Federal Security Service (FSB).

The unsealing of the indictments came three days after President Joe Biden warned of a growing Russian cyber threat against US businesses in response to Western sanctions on Russia for its invasion of Ukraine.

The four Russians were the subject of two separate indictments, both pre-dating the Russian invasion.

The first indictment, from June 2021, charges Evgeny Viktorovich Gladkikh, 36, a computer programmer with a Russian Ministry of Defense institute, and unnamed conspirators of seeking to hack industrial control systems at global energy facilities.

You may also like:

The hack of a foreign refinery was "designed to enable future physical damage with potentially catastrophic effects," the Justice Department said.

The malware used, called "Triton" or "Trisis," has been identified previously as being used to hack a Saudi petrochemical facility in 2017.

"The conspirators designed the Triton malware to prevent the refinery's safety systems from functioning," the Justice Department said.

"Between February and July 2018, the conspirators researched similar refineries in the United States, which were owned by a US company, and unsuccessfully attempted to hack the US company's computer systems," it added.

In London, British Foreign Secretary Liz Truss announced sanctions against the institute where Gladkikh worked, the Central Scientific Research Institute of Chemistry and Mechanics.

"Russia's targeting of critical national infrastructure is calculated and dangerous," Truss said. "We are sending a clear message to the Kremlin by sanctioning those who target people, businesses and infrastructure."

- $10 million reward -

The other indictment, from August 2021, charges FSB agents Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, with carrying out multiple energy sector hacking attacks between 2012 and 2017.

The hacks were aimed at gaining access to the computer networks of companies in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies, the Justice Department said.

"These officers were members of an FSB component known as Center 16 and worked at a specific operational group known as Military Unit 71330, known by cybersecurity researchers as 'Dragonfly,' 'Energetic Bear,' and 'Crouching Yeti," the department said.

It said they conducted a successful spearphishing attack on the business network of the Wolf Creek Nuclear Operating Corp. in Burlington, Kansas, which operates a nuclear power plant.

None of the Russians are in custody and the State Department offered a reward of up to $10 million for information leading to the arrest of the three FSB agents. - AFP

Related Articles