On March 24, the Department of Justice unsealed two indictments against four Russian government employees for their alleged involvement in “two historical hacking campaigns targeting critical infrastructure worldwide.” The two campaigns targeted the “global energy sector between 2012 and 2018” and affected “thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”
The June 2021 indictment, United States v. Evgeny Viktorovich Gladkikh, alleges Gladkikh was an employee of a Russian Ministry of Defense research institute when he and his co-conspirators sought to “hack industrial control systems and operational technology of global energy facilities using techniques designed to enable future physical damage with potentially catastrophic effects.” Gladkikh is charged with conspiracy to cause damage to an energy facility, attempt to cause damage to an energy facility and conspiracy to commit computer fraud.
The August 2021 indictment, United States v. Pavel Aleksandrovich Akulov, et al., alleges Akulov and two other hackers were officers in Russia’s Federal Security Service (FSB) who targeted and compromised “the computers of hundreds of entities related to the energy sector worldwide.” Access to such systems could permit the Russian government to “among other things, disrupt and damage such computer systems at a future time of its choosing.” The officers, as part of a “Center 16” operational unit, engaged in cyber intrusions that consisted of a two-phased campaign, with the first phase taking place between 2012 and 2014 (“Dragonfly”) and the second occurring between 2014 and 2017 (“Dragonfly 2.0”). All three defendants are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, while Akulov and another face additional wire fraud and computer fraud charges stemming from “unlawfully obtaining information from computers and causing damage to computers.”
While the indictments focused on past cyber intrusions, the Justice Department reiterates that “there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain vigilant in our effort to thwart such attacks.” The press release also highlights numerous resources provided by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, including technical alerts and malware analysis reports that cover the specific campaigns in the indictments.