Russian agents charged with targeting U.S. nuclear plant, Saudi oil
refinery
[March 25, 2022]
By Sarah N. Lynch and Raphael Satter
WASHINGTON (Reuters) - U.S. and British
officials on Thursday accused the Russian government of running a
years-long campaign to hack into critical infrastructure, including an
American nuclear plant and a Saudi oil refinery.
The announcement was paired with the unsealing of criminal charges
against four Russian government officials, whom the U.S. Department of
Justice accused of carrying out two major hacking operations aimed at
the global energy sector. Thousands of computers in 135 countries were
affected between 2012 and 2018, U.S. prosecutors said.
Cyber security analysts described the moves as a shot across the bow to
Moscow after U.S. President Joe Biden warned just days ago about
"evolving intelligence" that the Russian government may be preparing
cyberattacks against American targets.
John Hultquist, whose firm Mandiant investigated the Saudi refinery
hack, said that by making the criminal charges public the United States
has "let them know that we know who they are."
In one of the two indictments unsealed on Thursday and dated June 2021,
the Justice Department accused Evgeny Viktorovich Gladkikh, a
36-year-old Russian ministry of defense research institute employee, of
conspiring with others between May and September 2017 to hack the
systems of a foreign refinery and install malware known as "Triton" on a
safety system produced by Schneider Electric.
The refinery wasn't named, but the British government said it was in
Saudi Arabia and it has previously been identified as the Petro Rabigh
refinery complex on the Red Sea coast.
In a second indictment, dated August 2021, the Justice Department said
three other suspected hackers from Russia's Federal Security Service
(FSB) carried out cyberattacks on the computer networks of oil and gas
firms, nuclear power plants, and utility and power transmission
companies between 2012 and 2017 - a campaign researchers have long
attributed to a group sometimes dubbed "Energetic Bear" or "Berserk
Bear."
The Russian Embassy in Washington did not immediately return a message
seeking comment.
The three accused Russians in the second case are Pavel Aleksandrovich
Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich
Tyukov, 39. None of the four defendants have been arrested, a U.S.
official said.
Britain's Foreign Office said that the FSB hackers targeted the systems
controlling the Wolf Creek nuclear plant in Kansas "but failed to have
any negative impact."
The crest of the United States Department of Justice is seen at its
headquarters in Washington, D.C., U.S., May 10, 2021. REUTERS/Andrew
Kelly/File Photo
"Russia's targeting of critical
national infrastructure is calculated and dangerous," UK foreign
secretary Liz Truss said in a statement. She said it showed Russian
President Vladimir Putin "is prepared to risk lives to sow division
and confusion among allies."
A Justice Department official told reporters that
even though the hacking at issue in the two cases occurred years
ago, investigators remained concerned Russia will carry out similar
attacks in future.
"These charges show the dark art of the possible when it comes to
critical infrastructure," the official said.
The official added that the department decided to unseal the
indictments because they determined the "benefit of revealing the
results of the investigation now outweighs the likelihood of arrests
in the future."
The 2017 Saudi refinery attack stunned the cybersecurity community
when it was made public by researchers later that year because -
unlike typical digital intrusions aimed at stealing data or holding
it for ransom - it appeared aimed at causing physical damage to the
facility itself by disabling its safety system. U.S. officials have
been tracking the case ever since.
In 2019, those behind Triton were reported to be scanning and
probing at least 20 electric utilities in the United States for
vulnerabilities.
Two weeks before the 2020 U.S. presidential election the U.S.
Treasury Department imposed sanctions on the Russian
government-backed Central Scientific Research Institute of Chemistry
and Mechanics. Prosecutors believe Gladkikh worked there. On
Thursday, British officials also announced sanctions on the
institute.
The Foreign Office said FSB hackers had targeted British energy
companies and successfully stolen data from the U.S. aviation
sector. It also accused the hackers of trying to compromise an
employee of Mikhail Khodorkovsky, a former oil tycoon who fell afoul
of the Kremlin and now lives in London.
(Reporting by Sarah N. Lynch and Raphael Satter in Washington;
Editing by Marguerita Choy and Grant McCool)
[© 2022 Thomson Reuters. All rights
reserved.] This material may not be published,
broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.