TOPEKA — Federal prosecutors unsealed indictments against four Russian government computer hackers who targeted global infrastructure in a campaign that included a breach of the business network at the Wolf Creek nuclear power plant in Kansas.
The U.S. Department of Justice said indictments made public Thursday charged Russian nationals with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted software and hardware systems linked to the global energy sector between 2012 and 2018.
Prosecutors alleged the hacking campaigns targeted thousands of computers at hundreds of companies and organizations in the United States and in more than 135 countries. The indictments allege wire and computer fraud and identity theft.
U.S. Attorney Duston Slinkard of Kansas said the potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations was a sobering reality.
“We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain vigilant in our effort to thwart such attacks,” Slinkard said.
According to the indictments, the energy sector campaign involved two phases. In the first phase, which took place between 2012 and 2014, conspirators engaged in a supply chain attack, compromising computer networks of system manufacturers and software providers and then hiding malware inside legitimate software updates for such systems.
After unsuspecting customers downloaded infected updates, the conspirators used malware to create backdoors into infected systems and scan victims’ networks. Through these and other efforts, prosecutors allege conspirators installed malware on more than 17,000 unique devices in the United States and abroad, including controllers used by power and energy companies.
In the second phase, which transpired between 2014 and 2017, the conspirators transitioned to more targeted attacks on specific energy sector entities, individuals and engineers. The indictments say conspirators attacked more than 3,300 users at more than 500 U.S. and international companies and entities, in addition to U.S. government agencies such as the Nuclear Regulatory Commission.
The Justice Department said conspirators were successful in compromising the business network computers of the Wolf Creek Nuclear Operating Corp. in Burlington, Kansas, which operates the state’s nuclear generating station.
In 2017, Reuters reported the U.S. Department of Homeland Security issued a security bulletin suggesting hackers used the password of a Wolf Creek employee. Officials at Wolf Creek said at that time there was no operational impact from the cyberattack.
Federal prosecutors said victims of the Russians, including Wolf Creek and its owners Evergy and the Kansas Electric Power Cooperative, cooperated in the investigation.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Lisa Monaco, a deputy U.S. attorney general. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”
In August 2021, a federal grand jury in Kansas City, Kansas, returned the indictment charging three of the computer hackers, all of whom were officers in Military Unit 71330 or “Center 16” of the Federal Security Service. The Russian security agency staff were charged with violating U.S. laws related to computer fraud and abuse, wire fraud, aggravated identity theft and causing damage to the property of an energy facility.