US Charged Four Russian Government Employees for Years-Long Hacking Campaign

The US Department of Justice has charged four Russian government employees with cyber-attacks on the global energy sector.

The employees are accused of targeting hundreds of companies and organizations in 135 countries between 2012 and 2018, according to NBC News.

US Charged Four Russian Government Employees

The activities of the Russian government employees are said to have caused two emergency shutdowns at one facility in Saudi Arabia, according to the BBC.

The Russians then allegedly attempted to hack the computers of a company that managed the same critical infrastructure entities in the United States.

Some of the individuals are connected by the US indictment to the FSB, Russia's security service. The UK has also sanctioned a Russian defense organization said to be connected to the attack.

US President Joe Biden warned of possible cyber-attacks connected to the Ukraine conflict, but these indictments involve activity dating back before it started.

Lisa Monaco, the US Deputy Attorney General, said that Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world.

Monaco said that even though the criminal charges unsealed on Mar. 25 reflect past activity, there is an urgent ongoing need for American businesses to tighten their defenses and remain vigilant.

Allegations Against Russian Employees

The accused Russian employees are alleged to have installed backdoors and launched malicious software designed to compromise the safety of energy facilities. Two different groups are accused.

According to the indictment, between May 2017 and September 2017, one group is accused of hacking the systems of a petrochemical plant in Saudi Arabia and installing malware, which security experts have referred to as "Triton," on a safety system produced by Schneider Electric, according to the BBC.

This caused a fault that led the refinery's electric safety systems to initiate two automatic emergency shutdowns of its operation in Saudi Arabia.

Between February 2018 and July 2018, the conspirators are said to have researched the same refineries in the United States and unsuccessfully attempted to hack the company's computer systems.

One Russian employee accused in this case is said to be an employee of the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics.

The United Kingdom said that the malicious software was designed to target the plant's safety override for the Industrial Control System, which ran its operations.

The UK Foreign Office said in a statement that the malware was designed to give the actors complete control of infected systems and had the capability to cause significant impact, including the release of toxic gas or an explosion, either of which could have resulted in loss of life and physical damage to the facility.

Liz Truss, the UK Foreign Secretary, has used the UK's cyber sanctions regime to designate the Central Scientific Research Institute of Chemistry and Mechanics, or TsNIIKhM.

Another set of accusations is connected to three hackers who are linked to Military Unit 71330, or Center 16 of the FSB, according to Bloomberg.

It is also alleged that between 2012 and 2017, they engaged in computer intrusions of companies and organizations in the international energy sector, including gas firms and oil firms, nuclear power plants, utility companies, and power transmission companies.

In 2016, the US government accused Russia of hacking the presidential elections.

In the same year, the US government said that Russia carried out another attack after the presidential elections.

This article is owned by Tech Times

Written by Sophie Webster
