The US Department of Justice has charged four Russian government workers in connection with hacking campaigns that targeted the global energy sector as Washington warns companies to be on high alert for potential cyber attacks amid Moscow’s invasion of Ukraine.
The criminal charges unsealed Thursday allege the four Russian nationals were “attempting, supporting and conducting” cyber attacks that targeted hundreds of companies in the energy sector across more than 135 countries, including some from which Moscow had sought economic, military and security assistance.
While the crimes allegedly occurred between 2012 and 2018, DoJ and FBI officials said the cases provided examples of activities that US agencies fear could happen again as Russia tries to undermine western countries’ support of Ukraine.
“The conduct alleged in these charges is the kind of conduct that we are concerned about under the current circumstances and has been addressed by various parts of the federal government, including the president himself,” said a senior DoJ official. “These charges show the dark art of the possible when it comes to critical infrastructure.”
President Joe Biden had warned on Monday that a Russian cyber attack on the US is coming and told members of the Business Roundtable, a large corporate lobbying organisation, that it was their “patriotic obligation” to strengthen their digital defences.
“Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defences and remain vigilant,” Lisa Monaco, deputy US attorney-general, said in a statement on Thursday.
A senior FBI official said: “For weeks now, we’ve been asking US businesses and critical infrastructure owners to have an incredibly low threshold for reporting any unusual activity”.
In one of the two cases unsealed on Thursday, Evgeny Viktorovich Gladkikh, a computer programmer working for a Russian defence ministry research institute, and others were accused of conspiring to hack the systems of a refinery abroad, leading twice to an emergency shutdown.
The 2017 attack sought to cause “physical damage” and have the refinery operate in an unsafe manner while appearing to function ordinarily, the DoJ alleged.
The following year, the defendants allegedly sought, and failed, to attack similar refineries in the US, authorities said.
In the second case, Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov — officers at Russia’s Federal Security Service — and others allegedly targeted oil and gas companies, nuclear power plants as well as utility and power transmission businesses with a supply chain attack between 2012 and 2014. They were accused of installing malware on more than 17,000 devices in the US and abroad.
They also allegedly launched spearphishing attacks between 2014 and 2017 against more than 500 companies in the US and abroad as well as US government agencies including the Nuclear Regulatory Commission. One successful attack involved the Wolf Creek Nuclear Operating Corporation, which operates a nuclear power plant in Kansas.
John Hultquist, vice-president of intelligence analysis at cyber security company Mandiant, called the indictments a “warning shot” intended for Russian groups carrying out “disruptive cyber attacks”.
“These actions are personal and are meant to signal to anyone working for these programmes that they won’t be able to leave Russia any time soon,” he added.
All four defendants remain at large. The Russian embassy in Washington did not immediately respond to a request for comment.
Additional reporting by Hannah Murphy