Four Russian nationals have been charged by the US Department of Justice in relation to hacking campaigns that targeted energy companies around the world, while working for the Russian government.
Two indictments allege that the four engaged in major hacking campaigns against critical infrastructure worldwide between 2012 and 2018, targeting thousands of computers, at hundreds of organisations, in approximately 135 countries.
According to a now-unsealed June 2021 indictment, 36-year-old computer programmer Evgeny Viktorovich Gladkikh is alleged to have installed backdoors and launched malware attacks designed to compromise the safety of energy facilities – “designed to enable future physical damage with potentially catastrophic effects.”
Gladkikh, a Russian Ministry of Defense research institute employee, and two co-conspirators are said to have targeted an oil refinery between May and September 2017, installing the Triton malware on a safety system. Triton was designed to prevent the refinery’s safety systems from operating properly, allowing potentially catastrophic damage to be caused.
The malware was designed to give the attackers complete control of infected systems, and could have resulted in the release of toxic gas or an explosion – causing physical damage to the facility and loss of life.
However, a fault in the malware’s deployment resulted in the safety systems at the refinery automatically initiating emergency shutdowns of its operations.
Although unnamed in the indictment, the target has been identified as the Petro Rabigh refinery complex in Saudi Arabia.
Subsequent unsuccessful attacks targeted the computers of a US company managing similar critical infrastructure in the United States.
The second indictment, dated August 2021, charges three officers of Russia’s FSB with a supply-chain attack known as “Dragonfly” that installed the Havex malware, and compromised ICS/SCADA controllers used by oil and gas firms, nuclear power plants, and utility companies around the world.
As the UK Government describes, one of the group’s targets in 2017 was the Wolf Creek nuclear power plant in Kansas, in an attack which thankfully “failed to have any negative impact.”
The three men named in the second indictment – 36-year-old Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, 42, and 39-year-old Marat Valeryevich Tyukov – face multiple charges.
The unsealing of the charges comes as US President Joe Biden has warned about “evolving intelligence” that the Russian government is exploring options for launching hacking attacks against US targets.
Although there is a slim chance of any of the four Russian agents being arrested – unless they are foolish enough to leave Russia and enter the United States, or visit a country that has an extradition agreement with America – the unsealing of the indictments is a warning shot to other hacking groups thinking of launching attacks against critical infrastructure.