The U.S. Department of Justice announced charges on Thursday against four Russian nationals — three of whom were government spies — over a pair of hacking campaigns targeting the U.S., including the hacking of a nuclear power plant in Kansas.
One indictment charges Russian nationals Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov with a series of computer intrusions and supply chain attacks between 2012 and 2017. Prosecutors said Akulov, Gavrilov and Tyukov are all members of Russia’s government spy agency — the Federal Security Service (FSB) — and worked in a hacking team known as Military Unit 71330 or “Center 16.” All four Russians charged on Thursday remain at large.
The Russians allegedly carried out their hacking campaign against U.S. energy companies in two phases. The first phase targeted the Supervisory Control and Data Acquisition (SCADA) systems of energy companies: the hackers allegedly planted malware in SCADA software updates, so that customers installing the trojanized updates infected themselves. Prosecutors say that through this effort the Russians installed malware on more than 17,000 devices in the U.S. and abroad between 2012 and 2014.
In the second phase, the Russians allegedly built on that widespread access to compromised SCADA systems to target more than 3,300 users at more than 500 U.S. and international companies, with varying degrees of success. One successful effort targeted the business network of the Wolf Creek Nuclear Operating Corporation (Wolf Creek) in Burlington, Kansas. According to the indictment, in May 2017 the Russians sent numerous spearphishing emails to employees on the nuclear power company’s network. They compromised several employee accounts and used those accounts to spread malicious files and scripts throughout the company’s internal network.
In addition to the Wolf Creek Nuclear Operating Corporation, the Russians targeted the U.S. Nuclear Regulatory Commission and additional Kansas power companies, like Westar Energy and Kansas Electric Power Cooperative.
Prosecutors said Akulov, Gavrilov and Tyukov’s hacking efforts were “in furtherance of the Russian government’s efforts to maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies.”
The DoJ said the hacking efforts against companies like Wolf Creek Nuclear Operating Corporation would have enabled the Russian government to “among other things, disrupt and damage such computer systems at a future time of its choosing.”
“The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world,” U.S. Attorney Duston Slinkard for the District of Kansas said on Thursday. “We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain vigilant in our effort to thwart such attacks. The Department of Justice is committed to the pursuit and prosecution of accused hackers as part of its mission to protect the safety and security of our nation.”
Akulov, Gavrilov and Tyukov are charged with conspiring to damage the property of an energy facility and to commit computer fraud, which carries a maximum sentence of five years in prison. They are also charged with conspiring to commit wire fraud, which carries a maximum sentence of 20 years in prison. Akulov and Gavrilov are additionally charged with computer fraud related to efforts to unlawfully obtain information from computers, a count that carries a further 20-year maximum sentence. Akulov and Gavrilov are also each charged with three counts of aggravated identity theft, each of which carries a mandatory minimum of two years on top of any other sentence they receive.
In a second indictment unsealed on Thursday, the DoJ also charged Evgeny Viktorovich Gladkikh, another Russian national and an alleged employee of a Russian Ministry of Defense research institute, with similar efforts targeting critical infrastructure. The DoJ said Gladkikh and other co-conspirators tried to damage critical infrastructure outside the U.S., causing two separate emergency shutdowns at foreign petroleum refinery facilities. Gladkikh then allegedly used similar methods in an unsuccessful attempt to target a U.S. company that also manages petroleum refineries.
Gladkikh is charged with conspiring to cause damage to an energy facility, which carries a maximum 20-year prison sentence; attempting to cause damage to an energy facility, which also carries a maximum 20-year sentence; and conspiring to commit computer fraud, which carries a maximum five-year prison sentence.
The U.S. State Department announced on Thursday, through its Rewards for Justice program, a reward of up to $10 million for information leading to the identification or location of Akulov, Gavrilov or Tyukov. The State Department announced a similar $10 million reward for information leading to the identification or location of Gladkikh.