Four Russian agents charged with targeting global energy facilities

Four Russian government employees spent years conducting hacking campaigns targeting critical energy facilities across the world, the Department of Justice announced Thursday in two unsealed indictments.

From 2012 to 2018, the two conspiracies "targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," the DOJ stated. Both indictments said the men sought to install malware to control the power plant equipment.

Three officers at Russia’s Federal Security Service – Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov – participated in a two-phased campaign to hack computers for hundreds of energy facilities across the world, the DOJ alleged in an unsealed indictment from a Kansas district court. 

"Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing," the department stated in the press release.

From 2012 to 2014, the first phase of their alleged attack targeted supply chains by hiding malware inside of legitimate software updates for more than 17,000 computers across the globe.

In the second phase from 2014 to 2017, the hackers used spearphishing to target more than 3,300 users at over 500 companies, the indictment stated.

Some of the spearphising attacks were successful, and one led to the compromise of a business that operates a nuclear power plant in Burlington, Kansas, the DOJ accused.

The trio face counts of conspiracy to damage an energy facility and commit computer fraud and abuse. Akulov and Gavrilov face additional charges of wire fraud, computer fraud and aggravated identity theft.

The other indictment claimed that Evgeny Viktorovich Gladkikh, a computer programmer who worked for an institute associated with the Russian Defense Ministry, participated in a campaign to hack global energy facilities "using techniques designed to enable future physical damage with potentially catastrophic effects," the DOJ claimed.

The Gladkikh indictment, returned by a D.C. grand jury last June, alleges that he and his co-conspirators hacked a foreign refinery and installed malware to prevent its safety systems from operating in 2017. The malware attack go as planned, as the refinery's safety systems entered into automatic emergency shutdowns, the Justice Department said.

Gladkikh and his co-conspirators then turned to target U.S. refineries in 2018, but they were unable to successfully hack the facilities.

He is charged with three counts related to incidents.

"The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world," U.S. Attorney Duston Slinkard for the District of Kansas said in the press release.

The Kremlin has been accused of wreaking havoc on global computers for years. The indictments were made public one month into Russia's invasion of Ukraine. 

"Beyond its invasion of Ukraine, Moscow presents a serious cyber threat, a key space competitor and one of the most serious foreign influence threats to the United States," National Intelligence Director Avril Haines told Congress earlier this month.