U.S. charges 4 Russian government workers with hacking energy sector
The Washington Post March 24, 2022
The U.S. Justice Department fired another legal salvo against Russia on Thursday, announcing indictments against four Russian government employees for an alleged hacking campaign against the energy sector that lasted for years and reached computers in 135 countries.
An indictment in U.S. District Court for the District of Columbia charges that Evgeny Viktorovich Gladkikh, who worked at a Russian Ministry of Defense research institute, conspired with others to damage critical infrastructure outside the United States, causing emergency shutdowns at one foreign facility. Those charged in the indictment, under seal since June 2021, also allegedly tried to hack the computers of a U.S. firm that managed similar facilities in the United States.
A separate indictment filed in Kansas alleges that a hacking campaign launched by Russia’s Federal Security Service, or FSB, targeted computers at hundreds of energy-related entities around the world. That indictment was also filed under seal last summer.
The hacking activity took place between 2012 and 2018, U.S. officials said. The decision to reveal the indictments underscores the concern U.S. and European officials have about Russia unleashing a wave of cyberattacks on the West in response to a new wave of sanctions over Russia’s invasion of Ukraine.
Deputy Attorney General Lisa O. Monaco said there is an “urgent ongoing need for American businesses to harden their defenses and remain vigilant.” She said Russian state-sponsored hackers “pose a serious and persistent threat to critical infrastructure both in the United States and around the world.”
U.S. officials said one of their concerns regarding possible Russian hacking is that in the past, some Russian malware has been poorly controlled, spreading wildly around the world far beyond the intended targets. The 2017 case dubbed NotPetya, which targeted computers in Ukraine but also affected Denmark, India and the United States, is one example.
The Russian Embassy in Washington did not immediately respond to a request for comment on the indictments Thursday.
Russia does not extradite its citizens to the United States, so there is little chance that the four individuals charged will ever be brought to trial. U.S. officials sometimes make such indictments public in the hopes of deterring future, similar attacks.
John Hultquist, vice president of intelligence analysis at the cybersecurity firm Mandiant, said the indictments are an important gambit amid ongoing tensions between Russia and the West, and a “warning shot” for Russian government hackers. “These actions are personal and are meant to signal to anyone working for these programs that they won’t be able to leave Russia anytime soon,” he said.
Much of the hacking activity was previously reported, with U.S. security officials expressing alarm at the degree to which the hackers appeared to be deliberately trying to cause damage to sensitive chemical processes at energy plants that could result in serious harm or danger to people.
The indictment alleges that Gladkikh carried out the hacking as part of his job at the Central Scientific Research Institute of Chemistry and Mechanics in Moscow, launching an extremely dangerous form of malware called Triton, sometimes referred to as “Trisis” or “Hatman.”
Gladkikh allegedly conspired to hack a Saudi Arabian oil refiner’s sulfur recovery systems, which, depending on the severity of the malfunction, could have caused explosions or released toxic gases, officials said. The hackers also attempted to gain access to computer systems tied to U.S. energy sites, according to the charging papers.
The Kansas indictment names Pavel Akulov, Mikhail Gavrilov and Marat Tyukov as members of the FSB’s Military Unit 71330, sometimes referred to as “Center 16,” where they allegedly carried out the attacks.
In one instance, the hackers were able to breach the business network for the Wolf Creek nuclear power plant outside Burlington, Kan., according to that indictment. The business network is separate from the plant’s operational system. Other U.S.-based victims included the Nuclear Regulatory Commission, Westar Energy and Kansas Electric Power Cooperative.
The Kansas indictment charges that the FSB hackers placed malware on more than 17,000 different devices “to establish and maintain surreptitious, unauthorized access . . . Such accesses enabled the Russian government to disrupt and damage such systems, if it wished.”