DOJ releases sealed indictments of 3 Russians who hacked Kansas nuclear facility

Wolf Creek Nuclear Plant (MGN)
Published: Mar. 24, 2022 at 6:23 PM CDT

TOPEKA, Kan. (WIBW) - The Department of Justice released sealed indictments for three Russians who hacked into the Wolf Creek operating system.

The U.S. Department of Justice says the two indictments, filed last summer and unsealed Thursday, March 24, charge four Russian defendants who worked for the Russian government. The DOJ says the group used their hacking skills in two separate conspiracies which targeted the global energy sector between 2012 and 2018.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant. Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber-attacks.”

The DOJ said the June 2021 indictment returned in Washington, D.C., in United States v. Evgeny Viktorovich Gladkikh, concerned the alleged efforts of an employee of a Russian Ministry of Defense research institute and his coconspirators to damage crucial infrastructure outside the U.S., which could have caused two separate emergency shutdowns at a targeted foreign facility.

According to the Department, the conspirators attempted to hack the computers of a U.S. company that managed similar critical infrastructure entities in the United States.

This indictment charged Gladkikh, 36, a computer programmer employed by the Russian Ministry of Defense, for his role in the attempt to hack the industrial control systems and operational technology of a foreign refinery, which could have disrupted the global energy industry.

Then, an August 2021 indictment returned in the District of Kansas, in United States v. Pavel Aleksandrovich Akulov, et al., detailed allegations about a separate, two-phased campaign undertaken by three officers of Russia’s Federal Security Service and their coconspirators to target and compromise the computers of hundreds of entities related to the worldwide energy sector.

This indictment charged Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, three computer hackers, Russian nationals and FSB military officers, with violating American laws on computer fraud and abuse, wire fraud, aggravated identity theft and damage to the property of an energy facility.

This crime consisted of two phases. In the first, the three engaged in a supply chain attack which compromised computer networks and hid malware known as Havex inside legitimate software updates. After unsuspecting customers downloaded the malware, the three created backdoors to infect systems and scan for additional devices. During this phase, the DOJ said 17,000 unique devices were compromised.

In the second phase, the Department said the three used more targeted attacks to focus on specific energy sector entities. The alleged tactics included spearphishing attacks that targeted 3,300 users at over 500 U.S. and international companies. The three successfully compromised the business network of the Wolf Creek Nuclear Operating Corporation - a facility in Burlington, Kan., which operates a nuclear power plant. The three used the plant’s network to dig further into other key networks.

The DOJ said access to such systems would have provided the Russian government with the ability to disrupt and damage such computer systems in the future.

“The FBI, along with our federal and international partners, is laser-focused on countering the significant cyber threat Russia poses to our critical infrastructure,” said FBI Deputy Director Paul Abbate. “We will continue to identify and quickly direct response assets to victims of Russian cyber activity; to arm our partners with the information that they need to deploy their own tools against the adversary, and to attribute the misconduct and impose consequences both seen and unseen.”

In addition to the unsealed charges, the DOJ said the government has taken action to enhance private sector network defense efforts and disrupt similar activity.

The DOJ said the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has already released various Technical Alerts, ICS Alerts and Malware Analysis Reports about Russia’s malign cyber practices - including campaigns discussed in the indictments.


Copyright 2022 WIBW. All rights reserved.