Four Russians are accused of leading a wave of cyberattacks on critical infrastructure. The charges brought by the United States date back to hacks that took place between 2012 and 2018. The Biden administration is using this context to reveal to the world Russia’s capability to conduct such operations.
Four Russian hackers in the sights of the US authorities
On March 24, 2022, the Department of Justice unveiled the charges against four Russian officials, accused of carrying out a series of cyberattacks targeting critical infrastructure in the United States, including a nuclear power plant in Kansas.
The charges cover hacks that took place between 2012 and 2018 and come just days after President Biden warned US companies about Moscow. He said Putin’s government could carry out such attacks in retaliation against the countries that strongly opposed the Russian invasion of Ukraine.
Lisa O. Monaco, Deputy Attorney General, said in a press release that “While the criminal charges unveiled today reflect past activity, they clearly demonstrate the urgent need for corporate America to strengthen their defenses and remain vigilant”.
The Biden administration is convinced that Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure, both in the United States and around the world. The Justice Department accuses four Russian officials, three of whom are members of Russia’s domestic intelligence agency, the FSB. They are accused of ordering the hacking of hundreds of energy companies around the world.
Triton: the malware that worries cybersecurity experts
These charges confirm what cybersecurity researchers have been saying for years: that Russia is responsible for these intrusions. The authorities also recently stated that companies absolutely must report “any unusual activity” to the FBI. Following this announcement, an advisory detailing the techniques used by the hackers was published.
Evgeny V. Gladkikh, 36, a computer developer employed by the Russian Defense Ministry, is accused of using malware known as Triton to infiltrate a petrochemical plant in Saudi Arabia in 2017. This intrusion reportedly resulted in two emergency shutdowns of the facility. At the time, investigators believed the intrusion was intended to set off an explosion; instead, the safety system detected the malware and triggered a shutdown.
Cybersecurity experts consider the Triton malware particularly dangerous because of its potential to “create disasters in power plants around the world”, many of which use the same software that was targeted at the Saudi plant. Its use in 2017 showed that Russia was ready and able to destroy critical infrastructure and to carry out a cyberattack that could have deadly consequences for populations.