The United States has unsealed criminal indictments against four Russian government officials, alleging that they took part in two major hacking campaigns between 2012 and 2018. The campaigns targeted the global energy sector and ultimately compromised thousands of computers in 135 countries.
The Guardian US shared the news on their official Twitter handle:
US charges four Russian hackers over cyber-attacks on global energy sector https://t.co/wtV0H6AMjU
— Guardian US (@GuardianUS) March 24, 2022
In one of the now-unsealed indictments, dated August 2021, the Justice Department stated that three alleged hackers from Russia's Federal Security Service (FSB) carried out cyber-attacks on the computer networks of nuclear power plants, oil and gas companies, and power and utility transmission companies around the world between 2012 and 2017.
In the second unsealed indictment, dated June 2021, the Department of Justice accused another employee of conspiring with several others from May to September 2017. The indictment alleges that these attacks targeted the computers of a foreign refinery in order to install malware named “Triton” on a safety system built by Schneider Electric.
The Justice Department unsealed the two cases just days after Joe Biden, the current US president, warned of “evolving intelligence” suggesting that the Russian government is exploring options for further cyber-attacks in the near future.
The three Russians named in the first case are 42-year-old Mikhail Mikhailovich Gavrilov, 36-year-old Pavel Aleksandrovich Akulov, and 39-year-old Marat Valeryevich Tyukov. The fourth official is 36-year-old Evgeny Viktorovich Gladkikh, an employee of a research institute of the Russian Ministry of Defence.
On Thursday, a DoJ official told the media that even though the attacks in the two cases took place several years ago, investigators remain concerned that Russia will keep launching attacks of a similar nature in the future.
The charges illustrate the grave potential of such attacks when it comes to “critical infrastructure,” the official said.
He added that the four named Russians have not been arrested, but that the Justice Department decided to unseal the accusations now because it concluded that the “benefit of revealing the results of the investigation now outweighs the likelihood of arrests in the future.”
The 2017 attack stunned the cybersecurity community when investigators disclosed it later that year, because, unlike conventional intrusions aimed at stealing data or holding it for ransom, it was intended to cause physical destruction at the facility itself by disabling its safety system.
A separate campaign in 2019, attributed to the same actors behind Triton, was reported to have been probing nearly 20 electric utilities in the US for weaknesses.
The unsealing of the indictments represents “a shot across the bow” to any Russia-based hacking group that might be preparing further damaging attacks on US critical infrastructure, said John Hultquist of the cybersecurity firm Mandiant.
He added that, with the criminal indictments now unsealed, the US has “let them know that we know who they are.”
Lisa Monaco, the US Deputy Attorney General, stated, “Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world.”
She added, “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defences and remain vigilant.”
According to the indictment, one group is charged with hacking the computers of a petrochemical facility in Saudi Arabia and planting malware, known to cybersecurity researchers as “Triton” or “Trisis,” on a safety system made by Schneider Electric.
The attack caused a malfunction that triggered two automatic emergency shutdowns of the refinery’s operations in Saudi Arabia.
According to the UK, the malware was specifically engineered to target the safety override system of the industrial control system that ran the plant’s operations.
“The malware was designed to give the actors complete control of infected systems and had the capability to cause significant impact, possibly including the release of toxic gas or an explosion – either of which could have resulted in loss of life and physical damage to the facility,” read a statement from the UK Foreign Office.
Liz Truss, the UK Foreign Secretary, has used the United Kingdom’s cyber sanctions regime to designate the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM).
The UK’s National Cyber Security Centre said it assessed it “almost certain” that the FSB’s Centre 16 is the group also known by the hacker aliases “Berserk Bear,” “Energetic Bear,” and “Crouching Yeti.” These groups have attacked critical IT infrastructure and national organizations in Asia, Europe, and the Americas.
The FBI accused them of attacking the computer systems managing the Wolf Creek nuclear power plant in Kansas in 2017, although fortunately no harm was done.