New York: The US has charged three Russians with hacking critical energy-related infrastructure in India by infiltrating into the system malware that could be used to disrupt it at will.
The charges that had been filed in a federal court in Kansas City against the three men described as officers of the Russian intelligence agency were disclosed on Thursday by the Department of Justice.
The US government is offering rewards of up to $10 million for information about each of them.
The charging document filed in court that was seen by IANS listed India among the countries where they had set up backdoor systems in energy infrastructure computer networks that could be potentially used for cyber warfare.
The document did not identify the facilities in India that had been affected but said broadly that the international targets “included global oil and gas firms, utility and electrical grid companies, nuclear power plants, renewable energy companies, consulting and engineering groups, and advanced technology firms”.
Besides the US and India, it said, over 135 countries had been targeted and these included China, Pakistan, the UK, France and Germany.
Announcing the charges, Deputy Attorney General Lisa Monaco said: “Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the US and around the world.”
The three were identified as Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, who, the Department said, were officers in Military Unit 71330 or “Center 16” of the FSB, the Russian federal intelligence agency.
Center 16’s operational unit was known among cybersecurity researchers as “Dragonfly”, “Berzerk Bear”, “Energetic Bear” and “Crouching Yeti”, the Department said.
It alleged that between 2012 and 2017, they had set up a backdoor entry into the computer network of the targeted institutions “in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies”.
They “engaged in computer intrusions, including supply chain attacks, in furtherance of the Russian government’s efforts to maintain surreptitious, unauthorised and persistent access” to the networks, it said.
“Such access enabled the Russian government to disrupt such systems if it wished,” it said.
The charges were filed last August after a federal grand jury, a citizens’ panel that determines if a prima facie case exists for prosecution, had indicted them, but were kept sealed and disclosed only Thursday after President Joe Biden’s administration had issued warnings on Monday of possible Russian cyberattacks on critical US infrastructure.
The court document identified only the US Nuclear Regulatory Commission and three electricity companies, one of them nuclear, in Kansas state.
About 3,000 users at more than 500 organisations were targeted, it said.
Outlining the alleged modus operandi of the Russians, the document said that they focused in the first phase known as “Dragonfly” or “Havex” on companies that produced software and hardware for control equipment in power generation facilities known as “Industrial Control Systems” (ICS) or “Supervisory Control and Data Acquisition” (SCADA) systems.
Once they got into those companies’ systems, they infected updates the companies sent to their customers passing on the malware to more than 17,000 devices, according to the court document.
In the second phase known as “Dragonfly 2.0”, they targeted specific “energy sector entities or individuals and engineers”, involving 3,300 individuals in 500 organisations.
It gave examples of “spearfishing” attacks using fake job applications sent to individuals with hidden malware and “water holing attacks” that infected visitors to certain websites.