US unveils charges against 4 Russian officials over 2012-18 hacking campaigns

WASHINGTON - The US unveiled criminal charges against four Russian government officials on Thursday, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and impacted thousands of computers across 135 countries.

The Justice Department unsealed the charges in two 2021 cases just days after US President Joe Biden warned about “evolving intelligence” suggesting the Russian government is exploring options for more potential cyberattacks in the future.

In one now-unsealed indictment from June 2021, the Justice Department accused Evgeny Viktorovich Gladkikh, a 36-year-old Russian ministry of defense research institute employee, of conspiring with others between May and September 2017 to hack the systems of a foreign refinery and install malware known as “Triton” on a safety system produced by Schneider Electric SCHN.PA.

In a second unsealed indictment from August 2021, the Justice Department said three other alleged hackers from Russia’s Federal Security Service (FSB) carried out cyberattacks on the computer networks of oil and gas firms, nuclear power plants, and utility and power transmission companies across the world between 2012-2017.

The three accused Russians in that case are Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39.

A department official told reporters on Thursday that even though the hacking at issue in the two cases occurred years ago, investigators still remained concerned Russia will continue to launch similar such attacks.

“The conduct alleged in these charges is the kind of conduct that we are concerned about under the current circumstances,” the official said.

“These charges show the dark art of the possible when it comes to critical infrastructure.”

The official added that the four accused Russians are not in custody, but the department decided to unseal the indictments because they determined the “benefit of revealing the results of the investigation now outweighs the likelihood of arrests in the future.”

The US State Department announced rewards of up to $10 million for information "leading to the identification or location" of each of the four individuals.

The 2017 attack stunned the cybersecurity community when it was made public by researchers later that year because - unlike typical digital intrusions aimed at stealing data or holding it for ransom - it appeared aimed at causing physical damage to the facility itself by disabling its safety system.

US officials have been tracking the case and its aftershocks ever since.

In 2019, those behind Triton were reported to be scanning and probing at least 20 electric utilities in the United States for vulnerabilities.

The following year - two weeks before the 2020 US presidential election - the US Treasury Department sanctioned the Russian government-backed Central Scientific Research Institute of Chemistry and Mechanics where Gladkikh is alleged to have worked.

'Lock your cyber doors'

The news of the indictment represents "a shot across the bow" to any Russian hacking groups who might be poised to carry out destructive attacks against US critical infrastructure, said John Hultquist of the cybersecurity firm Mandiant.

Now that these criminal charges are public, he added, the United States has "let them know that we know who they are."

An FBI official told reporters that these cases underscore the continued threat posed by Russian cyber operations and urged companies to "lock their cyber doors."

Among the victim companies that assisted with the Justice Department's investigation are Wolf Creek Nuclear Operating Corporation and the Kansas Electric Power Cooperative, the department said.

A department official said that additional related actions by other federal agencies are expected to be announced soon. -- Reuters