A federal indictment made public Thursday accuses four men tied to Russian intelligence services of attempting to gain control of U.S. nuclear power plants through cyber sabotage. Prosecutors contend the defendants targeted both software and hardware in an effort to cripple U.S. critical infrastructure, including the Wolf Creek nuclear plant near Burlington, Kansas. The U.S. Justice Department describes two concerted campaigns that involved, among other tactics, planting malware on more than 17,000 devices. That hacking, the indictment says, had some success, giving the saboteurs unauthorized access to networks and computers across the energy sector. All four men are Russian nationals accused of working for the Russian government to damage parts of the global energy sector between 2012 and 2018. Justice officials say the campaigns sought to infiltrate thousands of computers at hundreds of private companies and government agencies in roughly 135 countries.
The U.S. government released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond.
The Russian Federal Security Service (FSB) conducted a multi-stage campaign in which it gained remote access to U.S. and international energy sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data. In addition, the Justice Department charged four Russian government employees, three FSB officers and a computer programmer at the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), for their roles in attacks on oil refineries, nuclear facilities, and energy companies.
The four Russian nationals are Pavel Aleksandrovich Akulov (36), Mikhail Mikhailovich Gavrilov (42), Marat Valeryevich Tyukov (39), and Evgeny Viktorovich Gladkikh (36). Because the U.S. and Russia have no extradition treaty, the chances that any of the four will stand trial in the U.S. are slim.
The seven-year global energy sector campaign is said to have relied on spear-phishing emails, trojanized software updates, and redirects to attacker-controlled websites (watering holes) for initial access, then used that foothold to deploy remote access trojans such as Havex on compromised systems.
The energy sector attacks, which took place in two phases, involved deploying malware on an estimated 17,000 unique devices in the U.S. and abroad between 2012 and 2014, alongside targeting 3,300 users at more than 500 U.S. and international companies and entities from 2014 to 2017.
Also detailed by the security agencies is a 2017 campaign engineered by cyber actors with ties to TsNIIKhM with the goal of manipulating the industrial control systems of an unnamed oil refinery located in the Middle East by leveraging a piece of malware called TRITON.