US indicts four Russians over attacks on energy sector

Three individuals are said to work for Russia's FSB, the replacement for the KGB, and one for the Ministry of Defense


Four Russian agents have been charged in the United States with hacking into hundreds of companies in the energy sector throughout the world, including a nuclear power plant in Kansas.

The US Department of Justice has announced charges against four Russian government employees allegedly linked to multiple cyberattacks around the world.

The move comes three days after President Biden warned of a rising Russian cyber threat to US firms, in response to sanctions imposed on Russia over its invasion of Ukraine.

The individuals charged are Pavel Aleksandrovich Akulov; Marat Valeryevich Tyukov; Evgeny Viktorovich Gladkikh; and Mikhail Mikhailovich Gavrilov.

Akulov, Tyukov and Gavrilov are alleged to be intelligence operatives working for Russia's Federal Security Service (FSB), while Gladkikh is employed at a Russian Ministry of Defense research institute.

Between 2012 and 2018, these individuals attacked thousands of computers at hundreds of energy firms in 135 countries, the Justice Department claims.

Two separate indictments were filed against them, just months before Russia's invasion of Ukraine.

The first indictment, filed in the US District Court for the District of Columbia in June 2021, alleges that Evgeny Viktorovich Gladkikh conspired with other operatives to penetrate the computers of a Saudi Arabian petrochemical facility and implant malware on a safety system produced by Schneider Electric.

The malware deployed has been referred to as 'Triton' or 'Trisis' by cybersecurity experts.

The hacking efforts took place between May and September 2017, and the malware triggered a failure in the refinery's electric safety systems, resulting in two automatic emergency shutdowns of the Saudi refinery's operation.

According to the Justice Department, Gladkikh, 36, worked as a computer programmer at a Russian Ministry of Defense research institute.

The second indictment, dated August 2021, accuses FSB officers Akulov, Tyukov and Gavrilov of hacking into multiple energy sector firms between 2012 and 2017.

They attempted to gain access to the computer networks of companies in the global energy sector, including nuclear power plants, oil and gas firms, and utility and power transmission organisations, according to the indictment.

The three agents are accused of installing backdoors, launching malicious software to compromise power plant security, and providing the Russian government with the ability to shut down compromised systems at will.

The attackers reportedly attempted to dupe engineers at a target firm using a watering hole attack, which saw victims visiting a compromised website where the agents could implant malware and collect users' login credentials.

They also used spearphishing attacks to target 3,300 people at more than 500 American and overseas firms, including the Nuclear Regulatory Commission.

None of the Russians have been apprehended so far, and the State Department has offered a $10 million reward for information leading to their arrest.

Deputy Attorney General Lisa O. Monaco said there is an urgent ongoing need for American firms to enhance their defences and stay watchful, as state-backed hackers from Russia pose a substantial and persistent threat to key infrastructure in the United States and throughout the world.