US unveils charges against 4 Russian officials for 2012-18 hacking campaigns

WASHINGTON, March 24 (Reuters) – The United States on Thursday unveiled criminal charges against four Russian government officials, saying they carried out two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers in 135 countries.

The Justice Department unveiled the charges in two 2021 cases just days after US President Joe Biden warned of ‘evolving intelligence’ suggesting the Russian government is exploring options for potential further cyberattacks in the future.

In a now-unsealed indictment from June 2021, the Justice Department accused Evgeny Viktorovich Gladkikh, a 36-year-old employee of the Russian Defense Ministry’s research institute, of conspiring with others between May and September 2017 to hack into the systems of a foreign refinery and install malware known as “Triton” on a security system produced by Schneider Electric (SCHN.PA).

In a second unsealed indictment, from August 2021, the Justice Department said three other suspected Russian Federal Security Service (FSB) hackers carried out cyberattacks on the computer networks of oil and gas companies, nuclear power plants and electric utility and transmission companies around the world between 2012 and 2017.

The three Russians charged in this case are Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39.

A department official told reporters on Thursday that even though the hacking in question in both cases happened years ago, investigators were still concerned that Russia is continuing to launch similar attacks.

“The conduct alleged in these charges is the kind of conduct that concerns us in the current circumstances,” the official said.

“These accusations show the dark art of the possible when it comes to critical infrastructure.”

The official added that the four accused Russians are not in custody, but the department decided to unseal the indictments because it determined that “the benefit of revealing the results of the investigation now outweighs the likelihood of arrests in the future”.

The US State Department has announced rewards of up to $10 million for information “leading to the identification or location” of each of the four individuals.

The 2017 attack stunned the cybersecurity community when it was made public by researchers later that year because, unlike typical digital intrusions aimed at stealing data or holding it for ransom, it appeared to be aimed at causing physical damage to the facility itself by disabling its security system.

Since then, US officials have been following the case and its aftershocks.

In 2019, Triton authors reportedly analyzed and surveyed at least 20 electric utilities in the United States for vulnerabilities.

The following year – two weeks before the 2020 US presidential election – the US Treasury Department sanctioned the Russian government-backed Central Scientific Research Institute of Chemistry and Mechanics, where Gladkikh reportedly worked.

‘LOCK YOUR CYBER DOORS’

News of the indictment represents “a blow from the butt” for any Russian hacking group that may be on the verge of carrying out destructive attacks on US critical infrastructure, said John Hultquist of cybersecurity firm Mandiant.

Now that these criminal charges are made public, he added, the United States has “let them know that we know who they are.”

An FBI official told reporters the cases underscore the continued threat posed by Russian cyber operations and urged companies to “lock their cyber doors.”

Among the corporate victims that participated in the Justice Department’s investigation are Wolf Creek Nuclear Operating Corporation and the Kansas Electric Power Cooperative, the department said.

A department official said additional related actions by other federal agencies are expected to be announced soon.

Reporting by Sarah N. Lynch and Raphael Satter in Washington; Editing by Chizu Nomiyama and Marguerita Choy
