The United States revealed on Thursday that it has indicted four Russian hackers, linked to the government of their country, for attacks committed between 2012 and 2018 against hundreds of entities in the energy sector around the world.
A first indictment, returned in June 2021 by a grand jury in Washington, targets Yevgeny Gladkikh, a 36-year-old programmer linked to the Russian Ministry of Defense. He is accused of having participated in the attack against a refinery in a third country, in 2017, using malware called Triton. The document does not specify where this refinery was located, but the security systems of a Saudi petrochemical plant had been attacked with this software in 2017. A second indictment, returned in August 2021 in Kansas, targets Pavel Akoulov, Mikhail Gavrilov and Marat Tyukov, suspected of being Russian security service (FSB) agents who carried out a wave of attacks against the global energy sector between 2012 and 2017.
In a first phase, dubbed “Dragonfly”, they allegedly introduced malware into legitimate software updates, infecting more than 17,000 devices. Some of the targets were located in France, according to analyses carried out at the time by several computer security companies, but their identities were not revealed. In a second phase, “Dragonfly 2.0”, they allegedly carried out 3,300 phishing attempts against more than five hundred entities, including the Nuclear Regulatory Commission in the United States and targets in Turkey and Switzerland. The operator of an American nuclear power plant located in Kansas was allegedly targeted in particular.
The indictments do not mention a possible link to a series of attacks several years ago on Ukraine’s energy infrastructure: at the end of 2015, hundreds of thousands of homes were deprived of electricity by a cyberattack against a Ukrainian electricity operator; suspicions at the time fell on Russian hackers.
Warnings against cyberattacks in the United States
These revelations come a few days after a formal warning from US President Joe Biden, who announced on Monday that, according to “evolving information”, Russia was planning to carry out large-scale cyberattacks targeting American companies. These indictments relate to relatively old attacks, but they “clearly show that American companies must strengthen their defenses and remain vigilant,” commented Lisa Monaco, the deputy minister of justice.
None of those charged on March 24 have been arrested, but the State Department has offered a reward of up to $10 million for any information leading to their whereabouts. US cyberattack doctrine calls for publicly naming and indicting any hacker identified with a significant degree of certainty, to send a clear signal and hopefully limit future attacks.
British Foreign Secretary Liz Truss has announced sanctions against “The Central Institute for Scientific Research in Chemistry and Mechanics”, the agency linked to the Russian Ministry of Defense where Yevgeny Gladkikh worked. “By sanctioning those who target people, businesses and infrastructure, we send a clear message to the Kremlin: we will not let them,” commented the minister.