US Accuses Russia Of Years Of Hacking Nuclear Power Plants And Oil Refineries

Four Russian citizens who continue to be wanted for alleged hacking of critical facilities. (photo: twitter @TheJusticeDept)

JAKARTA - US and British officials on Thursday, March 24, accused the Russian government of running a years-long campaign to hack into their critical infrastructure. These include United States nuclear power plants and Saudi Arabia's oil refineries.

The announcement was paired with the opening of criminal charges against four Russian government officials, whom the US Justice Department has accused of carrying out two major hacking operations aimed at the global energy sector. According to the US Attorney, as a result of the hack, thousands of computers in 135 countries were affected between 2012 and 2018, the US

Cybersecurity analysts described the move as crossbow fire into Moscow after US President Joe Biden warned days ago about "intelligence developments" that the Russian government may be preparing cyberattacks against targets in America.

John Hultquist, owner of anti-virus firm Mandiant which investigated Saudi refinery hacks, said that by making the criminal allegations public, the United States had "told them we know who they are."

Three Russian Federal Security Service officers, Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov, were charged for conspiring to hack computer networks in the global energy sector on behalf of Russia's government. https://t.co/jNFGteUVPM pic.twitter.com/Zwl7Baenmp

— FBI (@FBI) March 24, 2022

In one of two indictments opened last Thursday and June 2021, the US Department of Justice accused Evgeny Viktorovich Gladkikh, a 36-year-old employee of the Russian Ministry of Defense research institute, of conspiring with others between May and September 2017. They allegedly hacked foreign distillery systems and installed malware known as "Triton" on security systems manufactured by Schneider Electric.

The refinery was not named, but the British government said it was in Saudi Arabia. The refinery has also previously been identified as the Petro Rabigh refinery complex on the Red Sea coast.

In a second indictment, dated August 2021, the Justice Ministry said three other suspected hackers from Russia's Federal Security Service (FSB) carried out cyberattacks against computer networks of oil and gas companies, nuclear power plants, and power transmission companies and utilities between 2012 and 2017. Researchers say the venture has long been associated with a group sometimes dubbed "Energetic Bear" or "Berserk Bear".

The Russian Embassy in Washington did not immediately reply to a message seeking comment from the New York Times.

Evgeny Viktorovich Gladkikh, a #cyber operator employed by the Russian government, is charged for his role in a conspiracy to commit computer intrusions targeting energy facilities in the U.S. and overseas and to cause harm to those facilities. https://t.co/7UbkAAWPN0 pic.twitter.com/n5cSvJ4ciP

— FBI (@FBI) March 24, 2022

Meanwhile, the three Russian defendants in the second case are Pavel Aleksandrovich Akulov (36), Mikhail Mikhailovich Gavrilov (42), and Marat Valeryevich Tyukov (39). However, none of the four defendants have been arrested so far.

The UK Foreign Office said that FSB hackers targeted the systems controlling the Wolf Creek nuclear power plant in Kansas. However, they failed to have a negative impact on their efforts.

"Russia's targeting of critical national infrastructure is calculated and dangerous," British Foreign Secretary Liz Truss said in a statement. He said it also showed that Russian President Vladimir Putin was "ready to risk his life to sow division and confusion among allies."

A Justice Department official told the media that although the hacking in question in the two cases took place last year, investigators remain concerned that Russia will carry out similar attacks in the future.

"These allegations demonstrate the dark art of the possible when it comes to attacks on critical infrastructure," the official said.

The official added that the department decided to unseal the charges because they determined "the benefits of disclosing the results of the investigation now outweigh the possibility of future arrests."

According to US officials who researched the case, the Saudi Arabian refinery attack in 2017 shocked the cybersecurity community when it was announced by researchers later that year. The reason is that unlike regular digital intrusions aimed at stealing data or holding it for ransom, the attack appears to be aimed at causing physical damage to the facility itself by disabling its security systems.

In 2019, those behind the Triton reportedly scanned and investigated at least 20 electric utilities in the United States for vulnerabilities.

Two weeks before the 2020 US presidential election, the Treasury has also imposed sanctions on the Russian government-backed Center for Scientific Research Institute of Chemistry and Mechanics. Prosecutors believe Gladkikh worked there. On Thursday, British officials also announced sanctions against the institute.

The US State Office said FSB hackers had targeted a British energy company and managed to steal data from the US in the aviation sector. The hacker is also accused of trying to compromise with an employee of Mikhail Khodorkovsky, a former oil tycoon who broke the Kremlin and now lives in London.