By Scott Canon ksnewsservice.org
A federal indictment released Thursday accuses four men linked to Russian spy groups of attempting to take control of US nuclear power plants – including one in Kansas – through cyber sabotage.
Prosecutors argue that the defendants targeted both software and hardware to cripple critical infrastructure in the United States, including the Wolf Creek nuclear power plant near Burlington, Kansas.
The US Department of Justice describes a pair of concerted attacks that involved, among other tactics, planting malware on more than 17,000 devices.
According to the indictment, the alleged hack had some success, giving the saboteurs unauthorized access to networks and computers in the energy sector.
All the men are Russian nationals accused of working for their Ministry of Defense to destroy parts of the global energy sector between 2012 and 2018. Justice officials say the hacking campaigns aimed to infiltrate thousands of computers in hundreds of private companies and government agencies across approximately 135 countries.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure in the United States and around the world,” Assistant U.S. Attorney General Lisa O. Monaco said in a statement. “The criminal charges unveiled today … clearly demonstrate the urgent and continued need for corporate America to strengthen their defenses and remain vigilant.”
Although the indictments were unsealed on Thursday – amid rising US-Russian tensions – they were first filed in secret in US District Court in Washington, DC, and Kansas City, Kan., in 2018.
Prosecutors said in a press release that Wolf Creek and its owners, Evergy and the Kansas Electric Power Cooperative, worked with investigators and “provided invaluable assistance.”
The Department of Justice alleges that Wolf Creek was targeted in a second phase of attacks, known as “Dragonfly 2.0,” that focused on specific energy facilities, including engineers at the plant. The indictment says Russian agents targeted more than 3,300 people at 500 US and foreign companies and government agencies.
Part of the alleged scheme relied on spear-phishing, which uses email to lure people to seemingly legitimate websites that were actually traps designed to steal passwords, plant malware, or find ways to circumvent cybersecurity defenses.
“When the engineers navigated to a compromised website, the conspirators’ hidden scripts deployed malware designed to capture login credentials on their computers,” according to the Department of Justice.
Officials from the United States Nuclear Regulatory Commission were also targets of the alleged attacks.
Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, in an indictment in US District Court in Kansas City, Kansas. A second DC court indictment alleged that Russian national Evgeny Viktorovich Gladkikh and unnamed co-conspirators targeted a foreign oil facility and a US energy company between 2017 and 2018.
FBI Deputy Director Paul Abbate said in a press release that Moscow was responsible for the attacks.
“We will continue,” he said, “to quickly identify and direct response assets to the victims of Russian cyber activity.”
The Politico news website quoted an unnamed justice official as saying more action on the issue could come from the federal government in the coming days. The same source told Politico that the defendants are unlikely to be extradited.
Scott Canon is editor of the Kansas News Service, a collaboration between KCUR, Kansas Public Radio, KMUW and High Plains Public Radio focusing on health, the social determinants of health and how they relate to public policy. You can reach him on Twitter @ScottCanon or email scott@kcur.org.