Four Russian agents have been indicted in the United States for hacking attacks targeting the energy sector around the world, including a US nuclear power operator and a Saudi petrochemical facility.
The Russian hackers targeted thousands of computers at hundreds of companies in 135 countries between 2012 and 2018, the Justice Department said on Thursday.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” Deputy Attorney General Lisa Monaco said in a statement.
“Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber-attacks.”
According to the Justice Department, the Russians were employed by a Russian Ministry of Defense research institute and Russia’s Federal Security Service (FSB).
The unsealing of the indictments came three days after President Joe Biden warned of a growing Russian cyber threat against US businesses in response to Western sanctions on Russia for its invasion of Ukraine.
The four Russians were the subject of two separate indictments, both predating the Russian invasion.
The first indictment, from June 2021, charges Evgeny Viktorovich Gladkikh, 36, a computer programmer with a Russian Ministry of Defense institute, and unnamed conspirators of seeking to hack industrial control systems at global energy facilities.
The hack of a foreign refinery was “designed to enable future physical damage with potentially catastrophic effects,” the Justice Department said.
The malware used, called “Triton” or “Trisis,” has been identified previously as being used to hack a Saudi petrochemical facility in 2017.
“The conspirators designed the Triton malware to prevent the refinery’s safety systems from functioning,” the Justice Department said.
“Between February and July 2018, the conspirators researched similar refineries in the United States, which were owned by a US company, and unsuccessfully attempted to hack the US company’s computer systems,” it added.
In London, British Foreign Secretary Liz Truss announced sanctions against the institute where Gladkikh worked, the Central Scientific Research Institute of Chemistry and Mechanics.
“Russia’s targeting of critical national infrastructure is calculated and dangerous,” Truss said. “We are sending a clear message to the Kremlin by sanctioning those who target people, businesses and infrastructure.”
$10 million reward
The other indictment, from August 2021, charges FSB agents Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, with carrying out multiple energy sector hacking attacks between 2012 and 2017.
The hacks were aimed at gaining access to the computer networks of companies in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies, the Justice Department said.
“These officers were members of an FSB component known as Center 16 and worked at a specific operational group known as Military Unit 71330, known by cybersecurity researchers as ‘Dragonfly,’ ‘Energetic Bear,’ and ‘Crouching Yeti’,” the department said.
It said they conducted a successful spearphishing attack on the business network of the Wolf Creek Nuclear Operating Corp. in Burlington, Kansas, which operates a nuclear power plant.
None of the Russians are in custody and the State Department offered a reward of up to $10 million for information leading to the arrest of the three FSB agents.