Four Russian intelligence agents have been indicted by the U.S. Department of Justice (DOJ), after they spent five years allegedly targeting critical infrastructure networks in the United States and across the globe between 2012 and 2018.
The DOJ unsealed two indictments on Thursday charging four government employees with two separate conspiracies for targeting thousands of computers at hundreds of energy infrastructure entities in 135 countries in an effort to enable the Russian government to gain remote control of power plants.
According to the DOJ, the Russians were employed by a Russian Ministry of Defense research institute and Russia’s Federal Security Service (FSB). The targets included a nuclear power facility in the U.S. state of Kansas, while a Saudi petrochemical plant was attacked in 2017 using the type of malware attributed to the Russian hackers.
The unsealing of the indictments came three days after President Joe Biden warned of a growing Russian cyber threat against U.S. business in response to Western sanctions on Russia for its invasion of Ukraine.
In the first case, the DOJ unsealed charges from June of 2021 against Russian government employee Evgeny Gladkikh who, along with unidentified co-conspirators, carried out hacking attacks that caused two separate emergency shutdowns at a foreign energy facility. They later failed when they allegedly sought to carry out a similar attack on a U.S. company that managed similar critical infrastructure entities.
“In these two cases, we’ve determined that the benefit of revealing the results of the investigation now outweighs the likelihood of arrests in the future,” a senior Justice Department official said. “These charges show the dark art of the possible when it comes to critical infrastructure.”
In a separate case charged in August of last year, the DOJ charged three officers in Russia’s FSB with carrying out a two-phased campaign to “target and compromise the computers of hundreds of entities related to the energy sector worldwide.”
“Although this (hacking) group is not associated with any known, deliberate disruptive event, today’s indictment and previous research shows how extensively this group operated to breach critical systems globally,” Joe Slowik, senior manager at cybersecurity firm Gigamon, told CNN. “In light of Russia’s invasion of Ukraine, this activity becomes especially concerning as potential footholds for future destructive events.”
The DOJ said on Thursday, “Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing.”
This is far from the first time the U.S. government has called out Russian malicious cyber activity. The DHS and FBI put out an alert in March of 2018, warning that the Russian government was targeting the U.S. energy sector through a “multi-stage intrusion campaign.” Biden sanctioned Russia last year for its involvement in the SolarWinds hacking campaign, which allowed Russian government hackers to access the networks of at least a dozen federal agencies and 100 private-sector groups for around a year.
The real question is, if this isn’t political pandering and propaganda, why did the Department of Justice wait 5 years to make these indictments happen?