Russian spies indicted in worldwide hacks of energy industry, including Kansas nuclear plant

From 2014 to 2017, Akulov, Gavrilov and Tyukov are accused of using spearphishing and other tactics to home in on more than 3,300 specific people working in the energy industry. Their targets worked at more than 500 different entities, including the U.S. Nuclear Regulatory Commission, according to the indictment. In one instance, they are alleged to have compromised the business network of Wolf Creek Nuclear Operating Corp. in Kansas, which runs a nuclear power plant, though a Justice Department official ,who was granted anonymity as a condition of letting reporters join a press conference, said Thursday that the control systems network was not accessed.

The indictment was one of two unsealed Thursday against Russian hackers. A second indictment unsealed in the U.S. District Court of the District of Columbia alleged that Russian national Evgeny Viktorovich Gladkikh and unnamed co-conspirators targeted a foreign oil facility and a U.S. energy company between 2017 and 2018.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” Deputy Attorney General Lisa Monaco said in a statement on Thursday. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”

The Justice Department official noted that more actions from the U.S. federal government would be announced in the days to come.

“These charges show the dark art of the possible when it comes to critical infrastructure,” the Justice Department official said.

The official said that the Justice Department chose to unseal the indictments to warn people about risks to critical infrastructure –– and to highlight the department’s concerns about current malign Russian activity. The official said the indictments are a reminder of the Russian government’s intent and capabilities. Unsealing the charges also appears to be tacit acknowledgment that the charged military officials are very unlikely to be arrested and extradited to the U.S.

The State Department later offered a $10 million reward for “for information leading to the identification or location” of Akulov, Gavrilov or Tyukov, who it said were members of an “operational group” known alternatively as Dragonfly, Energetic Bear and Crouching Yeti.

Just days ago, President Joe Biden warned that “evolving intelligence” showed the Russian government was considering cyberattacks against the U.S. as sanctions bite down and Russian progress on the ground in Ukraine remains largely stalled.

The FBI also warned last week that Russian hackers were targeting U.S. energy companies and other U.S. defense, IT and financial groups. Biden sent a letter to governors this week urging them to take “urgent action” to protect their systems. CISA today issued an alert detailing the tactics, techniques and procedures used in the energy sector intrusions.

This is far from the first time the U.S. government has called out Russian malicious cyber activity. DHS and FBI put out an alert in March 2018 warning that the Russian government was targeting the U.S. energy sector through a “multi-stage intrusion campaign.” Biden sanctioned Russia last year for its involvement in the SolarWinds hacking campaign, which allowed Russian government hackers to access the networks of at least a dozen federal agencies and 100 private-sector groups for around a year.