But the new Justice Department charges underscore Russia’s hacking prowess and show the kind of activity that concerns the US government in light of the tensions sparked by Russia’s war on Ukraine.
In the other indictment, an employee of a Russian Defense Ministry research institute is accused of helping to hack into a petrochemical facility in Saudi Arabia in 2017 and causing it to shut down twice. This hacking incident alarmed the cybersecurity industry at the time, as the malicious code used in the incident targeted security systems that prevent explosions at power plants.
The Russian Embassy in Washington did not immediately respond to a request for comment.
The four men charged are believed to be in Russia.
“In both of these cases, we have determined that the benefit of revealing the results of the investigation now outweighs the likelihood of future arrests,” a senior Justice Department official said. “These accusations show the dark art of the possible when it comes to critical infrastructure.”
The three FSB agents are accused of being part of a hacking group that from 2012 to 2017 targeted numerous energy companies in the United States and abroad, including the computer network of a company that operates a power plant. Electrical in Kansas.
“While this (hacking) group is not associated with any known and deliberate disruptive events, today’s indictment and previous research demonstrates the extent to which this group operated to breach critical systems at the ‘global scale,’ Joe Slowik, senior director of cybersecurity firm Gigamon, told CNN. “In light of Russia’s invasion of Ukraine, this activity becomes of particular concern as potential footholds for future destructive events.”
Prior to the 2020 US elections, the hacking group breached some state and local government organizations, but the activity did not affect voting in any way.
The other Russian hacking group mentioned in Thursday’s news, which was involved in the 2017 shutdown of the facility in Saudi Arabia, then attempted to breach the computers of an American company “which ran infrastructure entities similar criticism in the United States,” the Justice Department said. said in a press release. That hacking attempt failed, the senior Justice Department official told reporters on Thursday.
US officials have briefed companies in the US energy and financial sectors, among others, extensively on Russian hacking capabilities in recent months, and many large companies have invested heavily in cyber defense in recent years.
This story has been updated with additional detail and context.