The US Department of Justice unsealed charges against four Russian government workers Thursday for their alleged role in two hacking campaigns targeting energy companies between 2012 and 2018, affecting 135 countries. Three of the accused are Russian intelligence officers.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” Deputy Attorney General Lisa O. Monaco said in a release. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”
In one indictment, an employee of a research institute affiliated with the Russian Defense Ministry is accused of helping hack a Saudi Arabian oil refinery in 2017. The Justice Department alleges that programmer Evgeny Viktorovich Gladkikh’s code targeted safety systems that ultimately caused the refinery to shut down twice.
The second indictment alleges three officers of Russia’s FSB intelligence agency hacked energy firms in more than 100 countries, including the US, to help the Russian government maintain clandestine access to critical infrastructure systems for potential future exploitation. The three are accused of engaging in multiple hacking campaigns, from 2012 to 2017, to gain entry into networks of companies across the energy sector, including companies managing supply chains, oil and gas, nuclear power plants, and utilities.
The Justice Department charged the trio with targeting more than 3,300 users at more than 500 US and international companies, using sophisticated spearphishing attacks. The group’s alleged successes include compromising the indirect business network of a nuclear power plant in Kansas, though they are not accused of penetrating the critical industrial control systems of the plant.
The indictments follow warnings issued by President Joe Biden on Monday in both public statements and private meetings, cautioning organizations to harden their system security and remain vigilant against potential Russian cyberthreats. In the previous week, the FBI also advised companies that Russian-associated IP addresses were caught scanning five US energy companies for potential weaknesses.