None of the four defendants is in custody, though a Justice Department official who briefed reporters on the cases said the department determined that it was better to make the investigation public rather than wait for the “distant possibility” of arrests. The State Department on Thursday announced rewards of up to $10 million for information leading to the “identification or location” of any of the four defendants.
The indicted Russians include an employee at a Russian military research institute accused of working with co-conspirators in 2017 to hack the systems of a foreign refinery and to install malicious software, twice resulting in emergency shutdowns of operations. The malware was designed with a goal of inflicting physical damage by disabling a safety shutdown function meant to normally stop a refinery from “catastrophic failure,” a Justice Department official said.
The employee, Evgeny Viktorovich Gladkikh, also tried to break into the computers of an unidentified U.S. company that operates multiple oil refineries, according to an indictment that was filed in June 2021 and was unsealed Thursday.
The three other defendants are alleged hackers with Russia’s Federal Security Service, or FSB – which conducts domestic intelligence and counterintelligence – and members of a hacking unit known to cybersecurity researchers as Dragonfly.
The hackers are accused of installing malware through legitimate software updates on more than 17,000 devices in the U.S. and other countries. Their supply chain attacks between 2012 and 2014 targeted oil and gas firms, nuclear power plants and utility and power transmission companies, prosecutors said. The goal, according to the indictment, was to “establish and maintain surreptitious unauthorized access to networks, computers, and devices of companies and other entities in the energy sector.”
A second phase of the attack, officials said, involved spear-phishing attacks targeting more than 500 U.S. and international companies, as well as U.S. government agencies including the Nuclear Regulatory Commission.
The hackers also successfully compromised the business network of the Wolf Creek Nuclear Operating Corporation in Burlington, Kansas, which operates a nuclear power plant.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP