Russian officials charged over years of energy sector hacks | lifestyles

Among the thousands of computers targeted in about 135 countries were machines at a Kansas nuclear power plant — whose business network was compromised — and at a Saudi petrochemical plant in 2017, where the hackers overrode security controls, officials said .

Though the intruders dated back years, charges were unsealed when the FBI sparked fresh alerts about attempts by Russian hackers to scan US energy company networks for vulnerabilities that could be exploited during Russia’s war against Ukraine.

The Foreign Office, in an announcement on its website, hinted that the timing — the exposure of the “global scale” of the hacking by the KGB’s successor spy agency — was directly related to Russian President Vladimir Putin’s “unprovoked and illegal war in of Ukraine”.

In addition, several US federal agencies on Thursday released a joint advisory on the hacking campaign, urging energy executives to take steps to protect their systems from Russian agents.

“DOJ is firing warning shots at people directing Russia’s cyberattacks,” tweeted John Hultquist, threat intelligence analyst at cybersecurity firm Mandiant.

“Russian state-sponsored hackers pose a serious and ongoing threat to critical infrastructure both in the United States and around the world,” Assistant Attorney General Lisa Monaco said in a statement. “While the indictments unsealed today reflect previous activity, they make it crystal clear that American companies urgently need to step up their defenses and remain vigilant.”

None of the four suspects are in custody, although a Justice Department official who briefed reporters said officials thought it better to make the investigation public rather than wait for the “distant possibility” of arrests. The State Department on Thursday announced rewards of up to $10 million for information leading to the “identification or location” of one of the four defendants.

Among the Russians indicted is an employee at a Russian military research institute accused of working with co-conspirators to hack systems at a foreign refinery and install malicious software in 2017, twice leading to an emergency shutdown of operations. The British Foreign Office identified the target as Saudi and said the military research institute would be sanctioned. The so-called “Triton” case – affecting the Petro Rabigh complex on the Red Sea – has been well-documented by cybersecurity researchers as one of the most dangerous on record. The malware was designed with the goal of causing physical damage by disabling a safety shutdown feature that would normally save a refinery from a “catastrophic failure,” a Justice Department official said.

The clerk, Evgeny Viktorovich Gladkikh, also attempted to break into the computers of an unidentified US company that operates several oil refineries, according to an indictment filed in June 2021 and unsealed Thursday.

The three other defendants are alleged hackers for Russia’s Federal Security Service (FSB) – which conducts domestic intelligence and counterintelligence – and members of a hacking unit known to cybersecurity researchers as the Dragonfly.

The hackers are accused of installing malware in legitimate software updates on more than 17,000 devices in the US and other countries. Their supply chain attacks between 2012 and 2014 targeted oil and gas companies, nuclear power plants, and utility and power transmission companies, prosecutors said.

The aim, according to the indictment, is to “secretly establish and maintain unauthorized access to networks, computers and devices of companies and other facilities in the energy sector”. That access would allow the Russian government to modify and damage systems if it wanted to, the indictment said.

A second phase of the attack, officials said, included spear phishing attacks that targeted more than 500 U.S. and international companies, as well as U.S. government agencies, including the Nuclear Regulatory Commission.

The hackers also successfully compromised the business network – but not the control systems – of Wolf Creek Nuclear Operating Corporation in Burlington, Kansas, which operates a nuclear power plant.

The British Foreign Office said the FSB hackers also targeted British energy companies and stole data from the US aviation sector and other key US targets.

AP reporter Frank Bajak contributed from Lima, Peru

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

AP reporter Frank Bajak contributed from Lima, Peru