DOJ Charges Russian Officials for Two Historical Hacking Campaigns
The Justice Department continues to prosecute Russian-related crimes. Since the Ukraine Crisis, DOJ has steadily been announcing criminal charges against defendants connected to Russia.
In its most recent action, DOJ unsealed two indictments charging four Russian nationals who were employed by the Russian government with two separate computer hacking conspiracies that targeted the global energy sector between 2012 and 2018. In sum, these hacking campaigns targeted thousands of computers in roughly 135 countries.
A 2021 indictment in the District of Columbia, United States v. Evgeny Viktorovich Gladkikh, focuses on the efforts of a Russian Ministry of Defense research institute to damage critical infrastructure outside the United States, which caused two separate emergency shutdowns at a targeted foreign facility. The same group later attempted to hack the computers of a United States company responsible for managing critical infrastructure entities.
A second indictment in the District of Kansas, United States v. Pavel Aleksandrovich Akulov, et al., outlines a two-phased campaign by three officers of Russia’s Federal Security Service (FSB) to hack computers of hundreds of organizations connected to the energy sector worldwide.
The Gladkikh indictment charges Evgeny Gladkikh, a 36-year-old computer programmer at an institute affiliated with the Russian Ministry of Defense, for his role in hacking the industrial control systems and operational technology of global energy facilities.
Between May and September 2017, Gladkikh and co-conspirators hacked the systems of a foreign refinery and installed malware (referred to as “Triton”) on a safety system produced by Schneider Electric. The Triton malware prevented the refinery’s safety systems from functioning as intended. After the installation of the Triton malware, Schneider Electric’s safety systems automatically initiated two system shutdowns. Later, in 2018, Gladkikh and his co-conspirators attempted a similar intrusion against a United States-based computer system.
Gladkikh is charged with one count of conspiracy to cause damage to an energy facility, one count of attempt to cause damage to an energy facility, and one count of conspiracy to commit computer fraud.
The Akulov indictment charges three defendants who were officers in a military unit of the FSB with computer fraud, wire fraud, identity theft and causing damage to an energy facility. The three defendants were members of a Center 16 operational unit, which between 2012 and 2017 engaged in computer hacking, including supply chain attacks against oil and gas firms, nuclear power plants, and utility and power transmission companies.
The defendants and their co-conspirators targeted the software and hardware that controls equipment in power generation facilities, known as industrial control systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems. The campaign involved two phases. In phase one, which occurred between 2012 and 2014, the conspirators attacked supply chains and hid malware (known as “Havex”) in compromised software, which created backdoors into infected systems. Through these efforts and spearphishing attacks, the conspirators installed malware on more than 17,000 devices in the United States and abroad.
In the second phase, which occurred between 2014 and 2017, the conspirators used more targeted strategies focused on specific energy sector entities. The defendants launched spearphishing attacks against users at more than 500 United States and international companies, including the Nuclear Regulatory Commission. In one case, the defendants succeeded in compromising the network of Wolf Creek Nuclear Operating Company in Burlington, Kansas. The three defendants are charged with conspiracy to damage an energy facility and to commit computer fraud.