US prosecutors unseal indictments related to Kansas nuclear power plant hack


TOPEKA — Federal prosecutors have released indictments against four Russian government hackers who targeted global infrastructure in a campaign that included breaching the commercial network of the Wolf Creek nuclear power plant in Kansas.

The US Department of Justice said indictments released Thursday accused Russian nationals of attempting, supporting and carrying out computer intrusions that together, in two separate conspiracies, targeted software and hardware systems related to the global energy sector between 2012 and 2018.

Prosecutors alleged that the hacking campaigns targeted thousands of computers at hundreds of companies and organizations in the United States and more than 135 countries. The indictments allege wire and computer fraud and identity theft.

US Attorney Duston Slinkard of Kansas said the potential for cyberattacks to disrupt or even cripple the delivery of critical energy services to hospitals, homes, businesses and other locations is a sobering reality.

“We must recognize that there are individuals who actively seek to wreak havoc on our country’s vital infrastructure system, and we must remain vigilant in our efforts to thwart such attacks,” Slinkard said.

According to the indictments, the energy sector campaign had two phases. During the first phase, which took place between 2012 and 2014, conspirators carried out a supply chain attack, compromising the computer networks of system manufacturers and software suppliers, then concealing malware in legitimate software updates for these systems.

After unsuspecting clients downloaded infected updates, conspirators used the malware to create backdoors into infected systems and scan victims’ networks. Through these and other efforts, prosecutors allege conspirators planted malware on more than 17,000 unique devices in the United States and abroad, including controllers used by power and energy companies.

In the second phase, which took place between 2014 and 2017, the conspirators moved on to more targeted attacks on specific energy sector entities, individuals and engineers. The indictments say conspirators attacked more than 3,300 users at more than 500 U.S. and international companies and entities, in addition to U.S. government agencies such as the Nuclear Regulatory Commission.

The Department of Justice said the conspirators successfully compromised computers in the business network of the Wolf Creek Nuclear Operating Corp. in Burlington, Kansas, which operates the state’s nuclear power plant.

In 2017, Reuters reported that the US Department of Homeland Security issued a security bulletin suggesting hackers used the password of a Wolf Creek employee. Wolf Creek officials said at the time there was no operational impact from the cyberattack.

Federal prosecutors said victims of the Russians, including Wolf Creek and its owners Evergy and the Kansas Electric Power Cooperative, cooperated with the investigation.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure in the United States and around the world,” said Lisa Monaco, Assistant United States Attorney General. “While the criminal charges unveiled today reflect past activity, they clearly demonstrate the urgent and ongoing need for corporate America to strengthen their defenses and remain vigilant.”

In August 2021, a federal grand jury in Kansas City, Kansas, returned the indictment charging three of the hackers, all of whom were officers of Military Unit 71330 or “Center 16” of the Federal Security Service. The Russian security agency personnel have been charged with violating US laws relating to computer fraud and abuse, wire fraud, aggravated identity theft and causing damage to the property of an energy facility.
