Historical crimes unsealed by US courts
Four Russian government employees have been charged over historical hacking campaigns targeting the global energy sector.
The defendants were named in an indictment unsealed yesterday (March 24) which related to offences that took place between 2012 and 2018.
A statement from the US Department of Justice (DoJ) alleged that the hackers targeted critical infrastructure in more than 135 countries during a long-running campaign.
A June 2021 indictment returned in the cease, United States v Evgeny Viktorovich Gladkikh, concerns the alleged efforts of an employee of a Russian Ministry of Defense research institute and his co-conspirators to damage critical infrastructure outside the US, thereby causing two separate emergency shutdowns at a foreign targeted facility.
According to the indictment, between May and September 2017, Gladkikh and co-conspirators hacked the systems of a foreign refinery and installed malware, later identified as Triton, on a safety system produced by Schneider Electric.
The conspirators designed the Triton malware to prevent the refinery’s safety systems from functioning (i.e., by causing the ICS to operate in an unsafe manner while appearing to be operating normally).
“However, when the defendant deployed the Triton malware, it caused a fault that led the refinery’s Schneider Electric safety systems to initiate two automatic emergency shutdowns of the refinery’s operations,” according to a statement by the DoJ.
An August 2021 indictment, United States v Pavel Aleksandrovich Akulov, details allegations about a separate, two-phased campaign undertaken by three officers of Russia’s Federal Security Service (FSB) and their co-conspirators to target and compromise the computers of hundreds of entities related to the energy sector worldwide.
The trio are charged in the DragonFly supply chain attack against ICS/SCADA system manufacturers.
Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing, the DoJ claims.
Gladkikh and Akulov, plus FSB employees Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov were all named in court papers.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa Monaco in a statement.
“Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.
“Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber-attacks.”
Gladkikh is charged with one count of conspiracy to cause damage to an energy facility, which carries a maximum sentence of 20 years in prison, one count of attempt to cause damage to an energy facility, which carries a maximum sentence of 20 years in prison, and one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison.
Akulov, Gavrilov and Tyukov are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.
Akulov and Gavrilov are also charged with other counts of wire fraud and computer fraud related to unlawfully obtaining information from computers and causing damage to computers, which carry maximum sentences ranging from five to 20 years in prison.
Finally, Akulov and Gavrilov are also charged with three counts of aggravated identity theft, each of which carry a minimum sentence of two years consecutive to any other sentence imposed.
More information about the alleged crimes can be found in the DoJ release.