U.S. charges three employees of Russia's KGB successor for hacking critical infrastructure such as nuclear power plants



On March 24, 2022, the US

Federal Security Service (KGB), the successor to the Soviet Union's National Security Commission (KGB), said the U.S. Department of Justice launched a cyberattack targeting critical infrastructure in each country from 2012 to 2018. A total of four Russian government officials, including three members of the FSB) , have been charged. The targets of the cyber attack were energy industry facilities in about 135 countries, including a nuclear power plant in Kansas, USA.

Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide | OPA | Department of Justice
https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical



US Accuses 4 Russians of Hacking Infrastructure, Including Nuclear Plant --The New York Times
https://www.nytimes.com/2022/03/24/us/politics/russians-cyberattacks-infrastructure-nuclear-plant.html

Russian spies indicted in worldwide hacks of energy industry, including Kansas nuclear plant --POLITICO
https://www.politico.com/news/2022/03/24/russian-spies-indicted-hack-nuclear-plant-00020217

Russian officials charged in years-old energy sector hacks | AP News
https://apnews.com/article/russia-ukraine-technology-business-indictments-energy-industry-63a13bb832aa051c3661445e3b2ce608

In one of the complaints, FSB staff Pavel Aleksandrovich Akulov , Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov joined international energy companies and organizations, including oil, gas and nuclear power plants, from 2012 to 2017. It is said that he set up a hack. These three are officers of a group of hackers under the FSB, which are called ' Dragonfly ' and ' Berzerk Bear ' by security researchers.

The Ministry of Justice has divided the attacks involving three people into two phases in chronological order, and in the first phase from 2012 to 2014, it targets oil and gas companies, nuclear power plants, power transmission companies, etc. and supplies them. It is said that a chain attack was carried out. In this phase, malware called ' Havex ' was installed inside the software update provided by the system maker and software provider, and a backdoor was created inside the customer's system that updated the software. The attack reportedly installed malware on more than 17,000 devices in the United States and abroad.

The Justice Department also claimed that during the second phase of 2014-2017, it targeted specific energy-related organizations and individuals in the supply chain to make more targeted attacks. The targets of the spear phishing attacks carried out in the second phase included more than 500 companies and 3,300 users across many countries, as well as governmental organizations such as the Nuclear Regulatory Commission. It is also alleged to have launched a watering hole attack that compromised the server hosting the website visited by engineers from energy organizations and stole the engineer's login credentials. Among the targeted companies was Wolf Creek Nuclear Operating Corporation , which operates a nuclear power plant in Kansas, USA.

The three were charged with damaging the property of energy facilities, computer fraud and abuse, and telegraph fraud for hacking into 135 countries, including the United States. Akulov and Gavrilov have also been charged with weighted personal information theft.



In another indictment, computer programmer Evgeny Viktorovich Gladkikh, employed by a research institute under the Russian Defense Minister, was also charged with hacking into an energy facility. From May to September 2017, Gladkikh installed a malware called '

TRITON ' in a Schneider Electric safety system owned by an oil refinery plant in Saudi Arabia to prevent the safety system from working. As a result, it is said that two outages occurred due to a malfunction of the safety system, causing economic damage to the plant. Gladkikh also attempted a similar attack on an American refinery from February to July 2018, but it seems to have failed. Gladkikh has been charged with damaging energy facilities, attempting to damage energy facilities, and attempting computer fraud.

The four indicted have not been detained by US authorities and are being pursued by law enforcement agencies. On March 24, the Justice Ministry announced that it would pay up to $ 10 million in prize money to any of the four informants connected to their 'identity or whereabouts.'

'Russia's national hackers pose a serious and lasting threat to critical infrastructure in the United States and around the world. The criminal prosecution released today is a past. Reflecting the work of Lisa Monaco, it underscores the immediate need for American companies to strengthen their defenses and remain vigilant. We are doing our utmost to detect and take responsibility for threatening national hackers. '



In a statement released on March 21, US President Joe Biden warned that Russia could launch a cyberattack targeting a large number of American companies. We called on companies with particularly important infrastructure to be more vigilant.

U.S. to warn Russia of cyberattacks Infrastructure companies call for increased vigilance | Reuters
https://www.reuters.com/article/ukraine-crisis-cyber-usa-idJPL3N2VO3R8



in Security, Posted by log1h_ik