The US has filed criminal charges against four Russian government officers, alleging that they were involved in two large hacking campaigns targeting the global energy sector that impacted thousands of systems in 135 countries between 2012 and 2018.
Three alleged hackers from Russia’s Federal Security Service (FSB) carried out cyber-attacks on the computer networks of oil and gas companies, nuclear power plants, utility and power transmission companies around the world between 2012 and 2017, according to a now-unsealed indictment from August 2021.
Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, are the three Russians charged in that case.
In a second unsealed indictment, from June 2021, the Department of Justice accused Evgeny Viktorovich Gladkikh, a 36-year-old employee of a Russian Ministry of Defense research institute, of conspiring with others between May and September 2017 to hack into the systems of a foreign refinery and install malware known as “Triton” on a Schneider Electric safety system.
The two cases were unsealed just days after US President Joe Biden issued a warning about “changing intelligence,” implying that the Russian government is considering future cyber-attack possibilities.
Even though the hacking at issue in the two cases occurred years ago, investigators are concerned Russia may continue to launch similar attempts, according to a department official who spoke to reporters on Thursday.
“When it comes to essential infrastructure, these charges demonstrate the dark art of the possible,” the official explained.
The four accused Russians are not in custody, according to the official, but the department opted to unseal the indictments because the “value of disclosing the investigation’s findings now outweighs the chance of future arrests.”
When researchers made the 2017 attack public later that year, it surprised the cybersecurity community because, unlike most digital intrusions, which aim to steal data or hold it for ransom, it appeared to be aimed at causing physical harm to the facility by disabling its safety system.
Since then, US authorities have been monitoring the case and its ramifications.
Triton’s creators were said to be scanning and probing at least 20 US electric providers for weaknesses in 2019.
The following year, only two weeks before the 2020 presidential election in the United States, the US Treasury Department sanctioned the Russian government-backed Central Scientific Research Institute of Chemistry and Mechanics, where Gladkikh is believed to have worked.
According to John Hultquist of the cybersecurity firm Mandiant, the announcement of the indictment serves as a “shot across the bow” to any Russian hacking groups that may be planning devastating strikes against US vital infrastructure.
The United States has “let them know that we know who they are” now that the criminal charges have been made public, he said.