The United States has indicted four Russian men, including three Russian intelligence officers, for alleged hacking campaigns that targeted hundreds of energy companies around the world from 2012 to 2018, the US Justice Department said Thursday.
The indictments cover activity from years ago but underscore Russian hacking capabilities against critical infrastructure at a time when US officials are on high alert for Russian cyberattacks and as President Joe Biden meets with European allies over Russia’s war in Ukraine.
Biden on Monday publicly warned US business executives that Kremlin-linked hackers could target US organizations as the Russian military continues to suffer heavy losses in Ukraine. The FBI also advised the private sector last week that hackers associated with Russian internet addresses have been scanning the networks of five US energy companies in a possible prelude to hacking attempts. There are no known compromises from that recent activity.
But the new Justice Department charges point to Russia’s hacking prowess and showcase the type of activity the US government is concerned about in light of tensions over Russia’s war on Ukraine.
In one indictment unsealed Thursday, three officers at Russia’s FSB intelligence agency are accused of hacking into energy firms, including some in the US, from 2012 to 2017 “in furtherance of the Russian government’s efforts to maintain surreptitious” access to organizations in the energy sector, the Justice Department said. US officials have expressed concern that Russian operatives could use that type of access to disrupt US critical infrastructure firms if Moscow had the incentive to.
In the other indictment, an employee of a Russian Ministry of Defense research institute is accused of helping hack into a petrochemical facility in Saudi Arabia in 2017 and causing it to shut down twice. That hacking incident caused alarm in the cybersecurity industry at the time because the malicious code used in the incident targeted safety systems that prevent explosions in power plants.
The Russian Embassy in Washington did not immediately respond to a request for comment.
All four of the indicted men are believed to be in Russia.
“In these two cases, we’ve determined that the benefit of revealing the results of the investigation now outweighs the likelihood of arrests in the future,” a senior Justice Department official said. “These charges show the dark art of the possible when it comes to critical infrastructure.”
The three FSB officers are accused of being part of a hacking group that targeted numerous energy firms in the US and abroad from 2012 to 2017, including the computer network of a corporation that runs a power plant in Kansas.
“Although this (hacking) group is not associated with any known, deliberate disruptive event, today’s indictment and previous research shows how extensively this group operated to breach critical systems globally,” Joe Slowik, senior manager at cybersecurity firm Gigamon, told CNN. “In light of Russia’s invasion of Ukraine, this activity becomes especially concerning as potential footholds for future destructive events.”
Before the 2020 US election, the hacking group breached certain state and local government organizations, but the activity did not affect voting in any way.
The other Russian hacking group referenced by Thursday’s news, which was involved in the 2017 shutdown of the facility in Saudi Arabia, subsequently attempted to breach the computers of a US firm “that managed similar critical infrastructure entities in the United States,” the Justice Department said in a news release. That hacking attempt was unsuccessful, the senior Justice Department official told reporters Thursday.
In December, the same hacking group probed the computer networks of US electric utilities that operate liquefied natural gas facilities, CNN previously reported.
US officials have briefed firms from the US energy and financial sectors, among others, extensively on Russian hacking capabilities in recent months, and many big firms have invested heavily in cyber defenses in recent years.
This story has been updated with additional details and background.