Posted on March 25, 2022 at 6:18 PM
Four Russian government officials have been indicted for two major hacking campaigns between June 2012 and 2018. The U.S. Justice Department revealed that the defendants targeted the global energy sector and affected thousands of computers in more than 135 countries.
Three of the accused are Marat Valeryevich Tyukov, 39, Mikhailovich Gavrilov, 42, and Pavel Aleksandrovich Akulov, 36.
The indictment noted that Evgeny Viktorovich Gladkikh, an employee of the Russian Ministry of Defense research institute, conspired with his accomplices to destroy critical infrastructure outside the U.S., leading to emergency shutdowns at a foreign facility. Additionally, the accused allegedly hacked into the computer of a U.S. company, stealing some critical documents in the process.
In another case filed in Kansas, the U.S. government stated that the Russian Federal Security Service (FSB) engaged in a massive hacking campaign targeting thousands of computers within the energy sector around the world.
The decision to reveal the charges and those involved highlights the concern European and U.S. officials have that Russia may respond to the economic sanctions it is suffering with a wave of cyberattacks.
Lisa O. Monaco, U.S. Deputy Attorney General, stated that American businesses need to step up their efforts to secure their infrastructure. She added that organizations need to remain vigilant during this period, as Russian cyberattacks are widely expected.
According to Monaco, Russian-sponsored hackers “pose a serious and persistent threat to critical infrastructure both in the United States and around the world.”
Russian Attack On Critical Infrastructure Can Be Dangerous
U.S. officials said the increased worry about a possible Russian attack and its devastating impact is due to past experience. The officials noted that some of the hacking incidents by Russian state-sponsored attackers have been poorly controlled and managed. As a result, they quickly spread across several organizations around the world. The concern is that the hackers may have equipped themselves with the right tools to penetrate top organizations, and companies need to be fully prepared.
The officials also pointed to the 2017 case dubbed NotPetya, where the hackers targeted computers and devices in Ukraine, the U.S., India, and Denmark.
British officials are also warning companies and organizations to beef up the security of their infrastructure against Russian state-sponsored hackers. Foreign Secretary Liz Truss stated that the attack by Russian hackers on critical infrastructure is “calculated and dangerous.”
She added that the UK government is sending a clear message to the Russian government by sanctioning and charging those that target infrastructure and businesses.
The Indictment Serves As A Deterrent
Russia does not have an extradition treaty with the U.S. This means there is very little chance that the four accused individuals can be brought to the U.S. to face the law. However, the officials decided to make the indictment public as a way of deterring others that may be
Vice president of intelligence analysis at the cyber security firm Mandiant, John Hultquist, stated that the indictment is necessary considering the ongoing tension between Russia and the West. It is also a form of warning for Russian-sponsored hackers.
The indictment means that the individuals will only be protected by the Russian government and may be apprehended whenever they leave Russia. It means that the U.S. government is holding the individuals responsible for the incident and will not put the blame collectively only on the Russian government, he added.
Security Officials Warn Against Russian-sponsored Hack
According to the indictment, one of the accused, Gladkikh, carried out the hacking operation based on directives from the Central Scientific Research Institute of Chemistry and Mechanics in Moscow. He assisted with the launch of an extremely dangerous malware known as Triton, sometimes called “Hatman” or “Trisis.”
Gladkikh has also been accused of conspiracy to hack a Saudi Arabian oil refiner’s sulfur recovery systems. Officials said the operation could have led to the release of toxic gases or an explosion, depending on the severity of the malfunction.
For the past few weeks, U.S. security officials have been expressing concerns regarding the level of activities from these threat actors in cyberspace.
They have been warning that the hackers are trying to cause damage to critical chemical processes, especially in energy plants. The plan is to disrupt the critical infrastructure and cause severe damage to the network. In some instances, a disruption of the chemical processes can also lead to serious harm to people.