The FBI has accused four Russians of hacking energy companies around the world “using techniques designed to enable future physical damage with potentially catastrophic effects”.
Two unsealed indictments claim the men worked for Russia’s government while targeting hundreds of victims in more than 135 countries including the United Kingdom, Ireland, and even China between 2012 and 2018.
The hackers are accused of breaking into and threatening critical infrastructure “both in the United States and around the world” according to deputy attorney general Lisa Monaco, and there is a reward of up to $10m (£7.5m) for information about each of them.
Four men charged in two indictments
The first was against Evgeny Viktorovich Gladkikh, who allegedly worked for the Russian ministry of defence.
The second was against Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov, who are accused of working for Russia’s security services.
Attack could have killed people
Among the attacks was one targeting a petro-chemical plant in Saudi Arabia with malware “designed specifically to target the plant’s safety override” according to the UK’s National Cyber Security Centre.
The NCSC said the malware “had the capability to cause significant impact, possibly including the release of toxic gas or an explosion – either of which could have resulted in loss of life and physical damage to the facility.”
Foreign Secretary Liz Truss said Britain would be sanctioning a subsidiary of the Russian defence ministry as a result of the attack on the Saudi plant.
The NCSC added it was “almost certain” that hackers belonging to Centre 16 of Russia’s Federal Security Service (FSB) – the successor organisation to the KGB – were behind numerous hacking campaigns.
Among the group’s activities was the targeting of UK energy companies and “the press secretary of Mikhail Khodorkovskiy, a UK-based longstanding critic of the Kremlin, and monitoring a website he set up to expose corruption in the Russian government”.
Centre 16 was also accused of compromising the business network (but not the operational network) of the Wolf Creek nuclear power plant in Kansas.
Hacking for future contingencies
John Hultquist, the vice president of intelligence analysis at cyber security company Mandiant, noted that the indictments come amid increasing concerns about Russian cyber attacks connected to the invasion of Ukraine.
Although the hackers hadn’t been detected carrying out disruptive attacks, they have been seen burrowing “into sensitive critical infrastructure for some future contingency,” he said.
“Our concern with recent events is that this might be the contingency we have been waiting for,” added Mr Hultquist.
“Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defences and remain vigilant,” said Ms Monaco.
Mr Hultquist said the indictments were a “warning shot” to the Kremlin’s hackers: “These actions are personal and are meant to signal to anyone working for these programs that they won’t be able to leave Russia anytime soon.”
The Russian Federation has consistently denied involvement with cyber attacks alleged by the US, UK and allies.