The US Justice Department today announced indictments against four Russian government employees, who it alleges attempted a hacking campaign of the global energy sector that spanned six years and devices in 135 countries. The two indictments were filed under seal last summer, and are finally being disclosed to the public.
The DOJ’s decision to release the documents may be a way to raise public awareness of the increased threat these kinds of hacks pose to US critical infrastructure in the wake of Russia’s invasion of Ukraine. State-sponsored hackers have targeted energy, nuclear, water and critical manufacturing companies for years, aiming to steal information on their control systems. Cybersecurity officials have noticed an increase in Russian hacking activity in the US in recent weeks.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” Deputy Attorney General Lisa O. Monaco said in a statement. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”
The indictments allege that two separate campaigns occurred between 2012 and 2018. The first one, filed in June 2021, involves Evgeny Viktorovich Gladkikh, a computer programmer at the Russian Ministry of Defense. It alleges that Gladkikh and a team of co-conspirators were members of the Triton malware hacking group, which launched a failed campaign to bomb a Saudi petrochemical plant in 2017. As TechCrunch reported, the Saudi plant would have been completely decimated if not for a bug in the code. In 2018, the same group attempted a further hack but failed.
The second indictment charges three hackers who work for Russia’s intelligence agency, the Federal Security Service (FSB), as members of the hacking group Dragonfly, which coordinated multiple attacks on nuclear power plants, energy companies, and other critical infrastructure. It alleges that the three men, Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov, engaged in multiple computer intrusions between 2012 and 2017. The DOJ estimates that the three hackers were able to install malware on more than 17,000 unique devices in the US and abroad.
A second phase, which occurred between 2014 and 2017, targeted more than 3,300 users across 500 different energy companies in the US and abroad. According to the DOJ, the conspirators were looking to access the software and hardware in power plants that would allow the Russian government to trigger a shutdown.
The US government is still looking for the three FSB hackers. The State Department today announced a reward for any information on their whereabouts. However, as the Washington Post notes, the US and Russia do not have an extradition treaty, so the likelihood of any of the alleged hackers being brought to trial as a result of these indictments is slim.