Department of Justice Reminds Us Russian Hackers Are a Serious Threat

pcmag.com:

The Department of Justice unsealed two indictments returned in 2021 against four hackers employed by Russian Federation government agencies for multi-year campaigns targeting energy-industry targets.

“In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries,” a DOJ press release issued Thursday says. 

The first previously sealed indictment was returned last June in the U.S. District Court for the District of Columbia, United States v. Evgeny Viktorovich Gladkikh. It alleges that Gladkikh, working for a Russian Ministry of Defense research agency, placed malware in a safety system operated by “a refinery outside the United States” in 2017 and then in “a U.S.-based company’s similar facilities” during 2018. 

The second indictment was returned last August in the U.S. District Court for the District of Kansas, United States v. Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov. It charges those officers of Russia’s Federal Security Service (FSB, a successor to the Soviet-era KGB), with running a series of attacks from 2012 through 2017 against industrial control and supervisory control and data systems in energy facilities in the U.S. and overseas.

The counts in each indictment could yield decades of jail time for the defendants. But pending Russian regime change or their being foolish enough to leave the country–which itself would require non-trivial travel hacking, given how most of the rest of the world has economically firewalled Russia since its invasion of Ukraine–they seem unlikely to see the inside of a U.S. courthouse. 

The DOJ release links to a page posted Thursday by the Cybersecurity &