Thursday, March 24, 2022

Four Russian Agents Charged With Hacking & Targeting Global Critical Infrastructure

Four Russian agents charged in two separate hacking campaigns targeting global critical infrastructure.  According to FBI press release, the Department of Justice "unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting, and conducting cyber intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.

 Critical infrastructure  is a term used by government entities to describe assets that are essential for the functioning of a society and economy.  While such assets are different for each country, most  commonly associated with the term are facilities for:

In the  USA, the  Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."  In 2014 the NIST Cybersecurity Framework was published, and quickly became a popular set of guidelines, despite the significant costs of full compliance.




A June 2021 indictment in the District of Columbia, United States v. Evgeny Viktorovich Gladkikh, concerns the alleged efforts of an employee of a Russian Ministry of Defense research institute and his co-conspirators to damage another country’s critical infrastructure, thereby causing two separate emergency shutdowns at the targeted facility. The conspiracy subsequently attempted to hack the computers of a U.S. company that managed similar critical infrastructure entities in the United States.

Similarly, an August 2021 indictment from the District of Kansas, United States v. Pavel Aleksandrovich Akulov, et al., details allegations about a two-phased campaign undertaken by three officers of Russia’s Federal Security Service (FSB) and their co-conspirators to target and compromise the computers of hundreds of energy sector-related companies and entities worldwide. Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future date of its choosing.

No comments: