Russian officials charged over years of energy sector hacks

By ERIC TUCKER – Associated Press

WASHINGTON (AP) — Four Russian officials, including hackers from a state intelligence agency, have been charged with maliciously hacking critical infrastructure around the world, including the US energy and aviation sectors between 2012 and 2018, the US Department of Justice and the UK Foreign Office announced Thursday.

Among the thousands of computers targeted in about 135 countries were machines at a Kansas nuclear power plant — whose business network was compromised — and at a Saudi petrochemical plant in 2017, where the hackers overrode security controls, officials said.

Though the intrusions date back years, the charges were unsealed as the FBI issued fresh alerts about attempts by Russian hackers to scan US energy company networks for vulnerabilities that could be exploited during Russia’s war against Ukraine.

The Foreign Office, in an announcement on its website, hinted that the timing — the exposure of the “global scale” of the hacking by the KGB’s successor spy agency — was directly related to Russian President Vladimir Putin’s “unprovoked and illegal war in Ukraine”.

In addition, several US federal agencies on Thursday released a joint advisory on the hacking campaign, urging energy executives to take steps to protect their systems from Russian agents.

“DOJ is firing warning shots at people directing Russia’s cyberattacks,” tweeted John Hultquist, threat intelligence analyst at cybersecurity firm Mandiant.

“Russian state-sponsored hackers pose a serious and ongoing threat to critical infrastructure both in the United States and around the world,” Assistant Attorney General Lisa Monaco said in a statement. “While the indictments unsealed today reflect previous activity, they make it crystal clear that American companies urgently need to step up their defenses and remain vigilant.”

None of the four suspects are in custody, although a Justice Department official who briefed reporters said officials thought it better to make the investigation public rather than wait for the “distant possibility” of arrests. The State Department on Thursday announced rewards of up to $10 million for information leading to the “identification or location” of one of the four defendants.

Among the Russians indicted is an employee at a Russian military research institute accused of working with co-conspirators to hack systems at a foreign refinery and install malicious software in 2017, twice leading to an emergency shutdown of operations. The British Foreign Office identified the target as Saudi and said the military research institute would be sanctioned. The so-called “Triton” case – affecting the Petro Rabigh complex on the Red Sea – has been well-documented by cybersecurity researchers as one of the most dangerous on record. The malware was designed with the goal of causing physical damage by disabling a safety shutdown feature that would normally save a refinery from a “catastrophic failure,” a Justice Department official said.

The employee, Evgeny Viktorovich Gladkikh, also attempted to break into the computers of an unidentified US company that operates several oil refineries, according to an indictment filed in June 2021 and unsealed Thursday.

The three other defendants are alleged hackers for Russia’s Federal Security Service (FSB) – which conducts domestic intelligence and counterintelligence – and members of a hacking unit known to cybersecurity researchers as Dragonfly.

The hackers are accused of installing malware in legitimate software updates on more than 17,000 devices in the US and other countries. Their supply chain attacks between 2012 and 2014 targeted oil and gas companies, nuclear power plants, and utility and power transmission companies, prosecutors said.

The aim, according to the indictment, was to “secretly establish and maintain unauthorized access to networks, computers and devices of companies and other facilities in the energy sector”. That access would allow the Russian government to modify and damage systems if it wanted to, the indictment said.

A second phase of the attack, officials said, included spear phishing attacks that targeted more than 500 U.S. and international companies, as well as U.S. government agencies, including the Nuclear Regulatory Commission.

The hackers also successfully compromised the business network – but not the control systems – of Wolf Creek Nuclear Operating Corporation in Burlington, Kansas, which operates a nuclear power plant.

The British Foreign Office said the FSB hackers also targeted British energy companies and stole data from the US aviation sector and other key US targets.

AP reporter Frank Bajak contributed from Lima, Peru

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, transcribed or redistributed without permission.