4 Russian Officials Charged in Two ‘Historical’ Hacking Campaigns Targeting Critical Infrastructure in 135 Countries: DOJ

Katabella Roberts
3/25/2022
Updated: 3/25/2022

Four Russian officials have been charged in two hacking campaigns that targeted critical infrastructure in 135 countries around the globe, the U.S. Justice Department and British Foreign Office announced on March 24.

The Russian nationals, who all worked for the Russian government, were charged with attempting, supporting, and conducting cyberattacks that targeted the global energy sector between 2012 and 2018, officials said.

These hacking campaigns targeted thousands of computers at hundreds of companies and organizations, including those at the Wolf Creek nuclear power plant in Kansas, which saw its business network compromised, and at a Saudi petrochemical plant in 2017.

Some of the individuals are linked by the U.S. indictment to Russia’s Federal Security Service (FSB).

Two separate groups are accused in the indictment.

The first incident involved the alleged hacking of a petrochemical refinery in Saudi Arabia in 2017, where an employee of a Russian Ministry of Defense research institute, Evgeny Gladkikh, and his co-conspirators allegedly used malware targeting the plant’s safety override for the Industrial Control System. This resulted in two emergency shutdowns of the plant, officials said.

Gladkikh and his co-conspirators then allegedly attempted to hack the computers of a U.S. company that managed similar critical infrastructure entities in the United States, officials said.

In a second indictment unsealed in a district court in Kansas in August 2021, prosecutors accused three officers of the FSB, the successor agency of the KGB, and their co-conspirators of targeting and compromising the computers of hundreds of entities related to the energy sector worldwide, including nuclear power plants, oil and gas firms, and utility and power transmission companies.

“Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing,” officials said.

According to the indictment, some of the charges brought against the alleged perpetrators can carry a maximum of 20 years in prison if they are found guilty.

None of the four defendants is in custody, and the State Department has announced rewards of up to $10 million for information leading to the arrest of a defendant or identification of any other conspirators.

The indictments come amid Russian President Vladimir Putin’s ongoing invasion of Ukraine and concerns from the FBI that Russia is exploring options for cyberattacks targeting the United States.

President Biden earlier this week warned that there is an increased likelihood of Russian cyberattacks on American infrastructure in response to U.S. sanctions on Moscow, pointing to “evolving intelligence.”

“I’ve warned about the potential for Russia to conduct malicious cyber activity in response to the cost we’d impose, with our Allies and partners, on the world,” Biden said at the Business Roundtable’s CEO Quarterly meeting. “But today my administration has issued renewed warnings that, based on evolving intelligence, Russia may be planning a cyberattack against us. And as I’ve said, the magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming.”

On Thursday, multiple U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE), issued a joint advisory on the hacking campaign, alerting energy executives to the historical tactics, techniques, and procedures used by Russian operatives and what they can do to increase security.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco in announcing the charges on Thursday.

“Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant. Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber-attacks.”