[ad_1]
Three Russian spies tried to take control of power plants in a wide-ranging hacking conspiracy that targeted hundreds of energy companies in 135 countries, US federal prosecutors announced Thursday.
The trio were members of a covert unit within the Russian Federal Security Service nicknamed “Dragonfly” that hacked the hardware and software of computer systems that controlled nuclear power plants and other energy facilities, the Department of Justice said in a newly unsealed indictment.
Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, used “spearphishing” email scams to gain access to systems at various companies, then hid malware in software updates that was spread to over 17,000 users, according to the indictment.
The two-phased conspiracy allegedly lasted between 2012 and 2017 with targets including the US Nuclear Regulatory Commission, an unnamed New York-based renewable energy facility and Wolf Creek Nuclear Operating Corp. in Kansas, where a grand jury returned the indictment against the spies in August.
Some of the other companies targeted by the Russian government spies were located in the UK, Canada, China, France and Germany, prosecutors claim.
Duston Slinkard, US attorney for the District of Kansas, said the DOJ was focused on “its mission to protect the safety and security of our nation.”
“The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world,” Slinkard said in a statement.
“We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain vigilant in our effort to thwart such attacks,” he added.
The trio are facing a slew of charges including conspiracy to commit wire fraud, which comes with a maximum sentence of 20 years. Akulov and Gavrilov are facing other charges including identity theft, the DOJ said.
The indictments went public as Russia’s ongoing invasion of Ukraine continues to isolate the country diplomatically from the West. The US has said it is bracing for the potential of large-scale cyberattacks as Russia feels the squeeze of economic sanctions put in place because of the war.
A separate indictment unsealed Thursday out of Washington DC charges Evgeny Viktorovich Gladkikh, a Russian national who hacked into systems, with the intent of disrupting the safety of energy facilities.
In 2012, Gladkikh used malware to break into Schnieder Electric’s systems with the intent of preventing safety systems at a plant from functioning, the indictment said.
The refinery had an automatic shutdown as a result of the installation. Later, Gladkikh and others researched other facilities and tried to hack an unnamed US energy company’s refineries, the DOJ said.
[ad_2]