Kansas — A federal indictment made public Thursday accuses four men with ties to Russian spy outfits of trying to gain control of U.S. nuclear power plants — including one in Kansas — through cyber sabotage.
Prosecutors contend the defendants targeted both software and hardware to cripple critical infrastructure in the U.S., including the Wolf Creek nuclear plant near Burlington, Kansas.
The U.S. Justice Department describes a pair of concerted attacks that involved, among other tactics, planting malware on more than 17,000 devices.
That alleged hacking, the indictment says, had some success that gave saboteurs unauthorized access to networks and computers across the energy sector.
All of the men are Russian nationals accused of working for their Ministry of Defense to wreck parts of the global energy sector between 2012 and 2018. Justice officials say the hacking campaigns sought to infiltrate thousands of computers at hundreds of private companies and government agencies across roughly 135 countries.
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” Deputy U.S. Attorney General Lisa O. Monaco said in a news release. “The criminal charges unsealed today … make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”
Although the indictments were unsealed Thursday — amid rising U.S.-Russia tensions — they were first filed in secret in U.S. District Court in Washington, D.C., and Kansas City, Kan., in 2018.
Prosecutors said in a news release that Wolf Creek and its owners, Evergy and the Kansas Electric Power Cooperative, worked with investigators and “provided invaluable assistance.”
The Justice Department contends Wolf Creek was targeted in a second phase of attacks, known as “Dragonfly 2.0,” that focused on specific energy facilities and included engineers at the plant among its targets. The indictment says the Russian operatives targeted more than 3,300 people at 500 U.S. and foreign companies and government agencies.
Part of the alleged scheme banked on spear-phishing attacks that used email to draw people to seemingly legitimate websites that were actually traps designed to steal passwords, plant malware or otherwise find ways to bypass cybersecurity defenses.
“When the engineers browsed to a compromised website, the conspirators’ hidden scripts deployed malware designed to capture login credentials onto their computers,” according to the Justice Department.
Officials at the U.S. Nuclear Regulatory Commission were also targets of the alleged attacks.
Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, in an indictment in U.S. District Court in Kansas City, Kansas. A second indictment from the D.C. court alleged that Russian national Evgeny Viktorovich Gladkikh and unnamed co-conspirators targeted a foreign oil facility and a U.S. energy company between 2017 and 2018.
FBI Deputy Director Paul Abbate said in a news release that Moscow was responsible for the attacks.
“We will continue,” he said, “to identify and quickly direct response assets to victims of Russian cyber activity.”
News website Politico cited an unnamed Justice official saying more action on the issue could come from the federal government in coming days. The same source told Politico that the defendants are unlikely to be extradited.
Scott Canon is managing editor of the Kansas News Service, a collaboration of KCUR, Kansas Public Radio, KMUW and High Plains Public Radio focused on health, the social determinants of health and their connection to public policy. You can reach him on Twitter @ScottCanon or email scott (at) kcur (dot) org.
Kansas News Service stories and photos may be republished by news media at no cost with proper attribution and a link to ksnewsservice.org.