Russians Charged in Cyber Attacks on Nuclear Plant, Energy Infrastructure

March 25, 2022

New York Times:

WASHINGTON — The Justice Department unsealed charges on Thursday accusing four Russian officials of carrying out a series of cyberattacks targeting critical infrastructure in the United States, including a nuclear power plant in Kansas, and evidently compromising a petrochemical facility in Saudi Arabia.

The announcement covered hackings from 2012 to 2018, but served as yet another warning from the Biden administration of Russia’s ability to conduct such operations. It came days after President Biden told businesses that Moscow could wage such attacks to retaliate against countries that have forcefully opposed the Russian invasion of Ukraine.

“Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant,” Deputy Attorney General Lisa O. Monaco said in a statement. “Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world.”

The four officials, including three members of Russia’s domestic intelligence agency, the Federal Security Service, or F.S.B., are accused of breaching hundreds of energy companies around the world, showing the “dark art of the possible,” a Justice Department official said at a briefing with reporters.

The indictments essentially confirm what cyberresearchers have said for years, that Russia was to blame for the intrusions. None of the Russian officials accused of the attacks have been apprehended.

In his warning to private companies on Monday, Mr. Biden urged them to strengthen their defenses. National security experts have said that companies should report any unusual activity to the F.B.I. and other agencies that can respond to potential breaches.

In one of the indictments unsealed on Thursday, a computer programmer for the Russian Ministry of Defense, Evgeny V. Gladkikh, 36, is accused of using a type of malware known as Triton to infiltrate a foreign petrochemical plant in 2017, leading to two emergency shutdowns at the facility. The indictment did not identify the location of the plant, but the details of the attack suggest the facility was in Saudi Arabia.

Investigators believed at the time that the intrusion was meant to trigger an explosion, but said that a mistake in the code prevented one. The safety system detected the malware and prompted a system shutdown, leading researchers to discover the code.

Undeterred, the next year Mr. Gladkikh and other hackers researched refineries in the United States and tried to breach the computers of an American company that managed similar critical infrastructure facilities in the United States, according to court filings.

Mr. Gladkikh was charged with one count of conspiracy to cause damage to an energy facility, one count of attempt to cause damage to an energy facility and one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison.

Cybersecurity experts consider the Triton malware to be particularly dangerous because of its potential to create disasters at power plants around the world, many of which use the same software that was targeted in the Saudi Arabian plant. Its use in 2017 signaled a dangerous escalation of Russia’s cyberabilities, demonstrating that Russia was willing and able to destroy critical infrastructure and inflict a cyberattack that could have deadly consequences.

“It was different than what we’d seen before because it was a new leap in what was possible,” said John Hultquist, a vice president of intelligence analysis at the cybersecurity firm Mandiant.

In a separate indictment, federal prosecutors accused three Federal Security Service officers, Pavel A. Akulov, 36, Mikhail M. Gavrilov, 42, and Marat V. Tyukov, 39, of a yearslong effort to target and compromise the computer systems of hundreds of energy sector businesses around the world.

The three men are all believed to be members of a unit in the security agency that carries out cybercrimes, and is known by various names including “Dragonfly,” “Berzerk Bear,” “Energetic Bear” and “Crouching Yeti.”

The group has “a decade of experience going after U.S. critical infrastructure,” Mr. Hultquist said. “In 2020, they were digging into state and local systems as well as airports.”

Mr. Akulov, Mr. Gavrilov and Mr. Tyukov are accused of hacking Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan., as well as other businesses that operate critical infrastructure, such as oil and gas firms and utility companies.

Raw Story:

Four Russian agents have been indicted in the United States for hacking attacks targeting the energy sector around the world, including a US nuclear power operator and a Saudi petrochemical facility.

The Russian hackers targeted thousands of computers at hundreds of companies in 135 countries between 2012 and 2018, the Justice Department said Thursday.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” Deputy Attorney General Lisa Monaco said in a statement.

“Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber-attacks.”

According to the Justice Department, the Russians were employed by a Russian Ministry of Defense research institute and Russia’s Federal Security Service (FSB).

The unsealing of the indictments came three days after President Joe Biden warned of a growing Russian cyber threat against US businesses in response to Western sanctions on Russia for its invasion of Ukraine.

The four Russians were the subject of two separate indictments, both pre-dating the Russian invasion.

None of the Russians are in custody and the State Department offered a reward of up to $10 million for information leading to the arrest of the three FSB agents.

One Response to “Russians Charged in Cyber Attacks on Nuclear Plant, Energy Infrastructure”

  1. J4Zonian Says:

    Yet another reason it’s insane to build or even keep operating nuclear reactors. How many reasons do we need?

    In a world run by psychopaths at every level in every aspect of our lives, how many goddamn reasons do we need?
