4 Russian government agents indicted for hacking into global energy facilities between 2012 and 2018

The indictments cover activities from years ago, but point to Russian hacking capabilities against critical infrastructure at a time when US officials are on high alert for Russian cyberattacks and as President Joe Biden is meeting with European allies over Russia’s war in Ukraine.
Biden publicly warned US business leaders on Monday that Kremlin-linked hackers could target US organizations as the Russian military continues to suffer heavy casualties in Ukraine. The FBI also notified the private sector last week that hackers associated with Russian internet addresses were scanning the networks of five US energy companies as a possible prelude to hacking attempts. There are no known compromises from this recent activity.

But the new Justice Department charges underscore Russia’s hacking prowess and show the kind of activity that concerns the US government in light of the tensions sparked by Russia’s war on Ukraine.

In an indictment unsealed on Thursday, three officers from Russia’s FSB intelligence agency are accused of hacking into energy companies, including some in the United States, from 2012 to 2017 “as part of Russian government efforts to maintain surreptitious access” to organizations in the energy sector, the Justice Department said. U.S. officials have expressed concern that Russian operatives could use this kind of access to disrupt U.S. critical infrastructure companies if Moscow had the inducement.

In the other indictment, an employee of a Russian Defense Ministry research institute is accused of helping to hack into a petrochemical facility in Saudi Arabia in 2017 and causing it to shut down twice. This hacking incident alarmed the cybersecurity industry at the time, as the malicious code used in the incident targeted safety systems that prevent explosions at power plants.

The Russian Embassy in Washington did not immediately respond to a request for comment.

The four men charged are believed to be in Russia.

“In both of these cases, we have determined that the benefit of revealing the results of the investigation now outweighs the likelihood of future arrests,” a senior Justice Department official said. “These accusations show the dark art of the possible when it comes to critical infrastructure.”

The three FSB agents are accused of being part of a hacking group that from 2012 to 2017 targeted numerous energy companies in the United States and abroad, including the computer network of a company that operates an electrical power plant in Kansas.

“While this (hacking) group is not associated with any known and deliberate disruptive events, today’s indictment and previous research demonstrates the extent to which this group operated to breach critical systems at the global scale,” Joe Slowik, senior director of cybersecurity firm Gigamon, told CNN. “In light of Russia’s invasion of Ukraine, this activity becomes of particular concern as potential footholds for future destructive events.”

Prior to the 2020 US elections, the hacking group breached some state and local government organizations, but the activity did not affect voting in any way.

The other Russian hacking group mentioned in Thursday’s news, which was involved in the 2017 shutdown of the facility in Saudi Arabia, then attempted to breach the computers of an American company “which ran similar critical infrastructure entities in the United States,” the Justice Department said in a press release. That hacking attempt failed, the senior Justice Department official told reporters on Thursday.

In December, the same hacking group probed the computer networks of US electric utilities that operate liquefied natural gas facilities, CNN previously reported.

US officials have briefed companies in the US energy and financial sectors, among others, extensively on Russian hacking capabilities in recent months, and many large companies have invested heavily in cyber defense in recent years.

This story has been updated with additional detail and context.

