The US has charged four Russian hackers in connection with cyber-attacks on the global energy sector.


The US has filed criminal charges against four Russian government officials, alleging that they were involved in two major hacking campaigns that targeted the global energy sector and affected thousands of computers in 135 countries between 2012 and 2018.

According to one now-unsealed indictment from August 2021, three alleged Russian Federal Security Service (FSB) hackers carried out cyber-attacks on the computer networks of oil and gas companies, nuclear power plants, and utility and power transmission companies around the world between 2012 and 2017.

Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, are the three accused Russians in that case.

In a second unsealed indictment from June 2021, the DoJ accused Evgeny Viktorovich Gladkikh, a 36-year-old Russian ministry of defense research institute employee, of conspiring with others between May and September 2017 to hack into the systems of a foreign refinery and install malware known as “Triton” on a Schneider Electric safety system.

The two cases were unsealed just days after US President Joe Biden warned about “evolving intelligence,” implying that the Russian government is planning additional cyber-attacks in the future.

According to a department official, even though the hacking involved in the two cases occurred years ago, investigators are concerned that Russia will continue to launch similar attacks.

These charges demonstrate the “dark art of the possible” when it comes to critical infrastructure, according to the official.

The four accused Russians are not in custody, according to the official, but the department decided to unseal the indictments because the “benefit of revealing the results of the investigation now outweighs the likelihood of future arrests.”

When researchers made the 2017 attack public later that year, it stunned the cybersecurity community because, unlike typical digital intrusions aimed at stealing data or holding it for ransom, it appeared to be aimed at causing physical damage to the facility itself by disabling its safety system.

Since then, US officials have been following the case and its aftershocks.

In 2019, it was reported that those behind Triton were scanning and probing at least 20 electric utilities in the United States for vulnerabilities.

The following year, two weeks before the 2020 US presidential election, the US Treasury Department sanctioned the Russian government-backed Central Scientific Research Institute of Chemistry and Mechanics, where Gladkikh is alleged to have worked.

According to John Hultquist of cybersecurity firm Mandiant, the indictment is a “shot across the bow” to any Russian hacking groups that may be planning destructive attacks against US critical infrastructure.

He added that now that the criminal charges have been made public, the US has “let them know that we know who they are.”
