The US has charged four Russian government officials with cyber-attacks on the global energy sector.
Between 2012 and 2018, they are suspected of targeting hundreds of businesses and organizations in over 135 countries.
Their actions are believed to have resulted in two consecutive emergency shutdowns at a Saudi Arabian facility.
The plot then allegedly sought to break into the computers of a firm in the United States that operated similar critical infrastructure assets.
The US indictment links some of the defendants to Russia’s security service, the FSB.
A Russian defense organization involved in the strike has also been sanctioned by the UK.
Although US President Joe Biden warned this week of probable cyber-attacks connected to the Ukraine crisis, the accusations relate to behavior that occurred before the conflict began.
“Russian state-sponsored hackers represent a substantial and persistent danger to key infrastructure both in the United States and throughout the world,” said US Deputy Attorney General Lisa Monaco.
“Although the criminal accusations unveiled today relate to prior conduct, they highlight the essential necessity for American firms to strengthen their defenses and remain watchful.”
What exactly are the charges relating to the energy sector?
The defendants are accused of installing backdoors and launching harmful software with the goal of jeopardizing the security of energy sector facilities.
Two distinct organizations have been charged
According to the indictment, between May and September 2017, one gang is suspected of hacking into the networks of a Saudi Arabian petrochemical facility and planting malware known as “Triton” or “Trisis” on a Schneider Electric safety system.
As a result of the problem, the refinery’s electric safety systems initiated two automatic emergency shutdowns of its operations.
Between February and July 2018, the conspirators allegedly conducted research on comparable refineries in the United States and attempted unsuccessfully to infiltrate the company’s computer systems.
The accused in this case is believed to be a member of the FGUP Central Scientific Research Institute of Chemistry and Mechanics, which is part of the Russian Federation’s State Research Center.
The malicious software was expressly meant to attack the plant’s safety override for the Industrial Control System that managed its operations, according to the UK.
“The malware was designed to give the actors complete control of infected systems and had the capability to cause significant impact, possibly including the release of toxic gas or an explosion – either of which could have resulted in loss of life and physical damage to the facility,” according to a statement from the UK Foreign Office.
UK Foreign Secretary Liz Truss has designated the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) within the UK’s cyber sanctions system.
Three hackers affiliated with Military Unit 71330, or “Centre 16” of the FSB, are the subject of another series of allegations.
They are accused of hacking into enterprises and organizations in the international energy industry, including oil and gas corporations, nuclear power facilities, and utility and power transmission companies, between 2012 and 2017.
The software and hardware that control equipment in power-producing plants are reported to have been attacked.
The UK’s National Cyber Security Centre stated it was “very clear” that the FSB’s Centre 16 targeted important IT networks and national infrastructure in Europe, the Americas, and Asia under the hacking group pseudonyms “Energetic Bear,” “Berserk Bear,” and “Crouching Yeti.”
The FBI indicted them in 2017 for attempting to hack into the systems that control the Wolf Creek nuclear power plant in Kansas, but this had no effect.
This is the most recent cyber assault blamed on Russia. It comes amid growing worry that infrastructure, such as energy, might be targeted in reaction to the Ukraine conflict.
One officer in the United Kingdom said they had witnessed persistent Russian activity against such targets, but it was nothing out of the ordinary.
Russia has always denied charges of cyber-attacks.