US authorities have charged three Russian intelligence officers with hacking into US nuclear companies and others for nearly six years, accusing them and another man employed by the Russian Defense Ministry of computer conspiracy and other crimes.
The federal indictments, issued in 2021 but only unsealed on March 24, were the latest in a series of accusations and revelations showing the scope and skill of Russian state-sponsored spies and hackers and their efforts to penetrate US computer systems, both private and public.
Prosecutors said three men working for a unit called Center 16 of the Federal Security Service (FSB), Russia’s main domestic intelligence agency, spent five years, from 2012 to 2017, sending fake emails with infected attachments to energy companies in the United States.
Once opened or clicked on, the attachments, which were sometimes disguised as resumes of interested job seekers, then allowed agents to insert harmful computer code and then monitor internal computer systems.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure in the United States and around the world,” Deputy Attorney General Lisa Monaco said in a statement announcing the indictments.
Why the indictments were made public on March 24 was not immediately clear.
But for more than a decade, U.S. authorities have been pursuing Russian hackers — both private sector and state-sponsored — seeking arrest in countries around the world and demanding their extradition to the United States to be there. judged.
Those efforts have infuriated Moscow, which accuses the United States of stalking Russian citizens around the world.
The issue of hackers working for Russian intelligence agencies came to the fore after the 2016 US elections, when, according to US Special Counsel Robert Mueller, Russian agents hacked computer systems of Democratic Party officials, stole emails and then leaked them in an effort to embarrass then-presidential candidate Hillary Clinton.
The agency named by Mueller was the Russian military intelligence agency, known as the GRU. Another intelligence agency, known as SVR, has also been identified in several high-profile hacking incidents.
In 2017, two FSB agents were involved in the Yahoo hack and the theft of nearly a billion email accounts, one of the largest computer thefts of its kind.
In the new indictments, US authorities accuse the three FSB Center 16 officers of hacking into hundreds of computer systems of energy companies in the United States and other countries. Center 16, also known as Military Unit 71330, has been nicknamed “Berzerk Bear”, “Dragonfly” and “Energetic Bear” by cyber researchers who have followed it for years.
According to the indictment, the three used spear phishing attacks targeting more than 3,300 users at more than 500 US and international companies. They have also targeted US government agencies such as the Nuclear Regulatory Commission.
A separate indictment targeted a programmer who worked for an institute under the Russian Defense Ministry. This man, Yevgeny Gladkikh, allegedly used a very powerful type of malware known as Triton to hack into a petrochemical plant in 2017.
The indictment does not identify the factory, but details of the indictment suggest the facility was in Saudi Arabia.
Researchers who have studied the Russian hacker community have warned that Russian intelligence agencies routinely seek to hire or coerce skilled hackers from the private sector into working for the state. In another case, the FSB’s cyber unit hired a former hacker and makes him an officer.
FSB Center 16 gained publicity in 2019 when a group of hackers allegedly breached a Moscow research institute and said they found files showing the institute had been hired by Center 16 to work on a project to “de-anonymize” the Tor browser.
Tor is an internet privacy tool, originally funded by the US government, that bounces internet user traffic through “relays” around the world, making it extremely difficult for anyone to identify the source of information. or user locations.