Threat Watch

Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide

The Department of Justice (DOJ) announced that four Russian nationals who were working for the Russian government have been charged with attempting, supporting, and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers at hundreds of companies and organizations in approximately 135 countries. The charges relate to two separate hacking campaigns that targeted critical infrastructure worldwide. The first concerns the alleged efforts of an employee of a Russian Ministry of Defense research institute that targeted critical infrastructure, causing two separate emergency shutdowns at a targeted foreign facility. The employee and his co-conspirators then attempted a similar attack on a U.S. company that managed similar critical infrastructure entities in the United States. The second involves a two-phased campaign led by three officers of Russia’s Federal Security Service (FSB). These individuals targeted hundreds of entities related to the energy sector worldwide in hopes of compromising and damaging the organizations' computer systems. The FSB hackers were members of a Center 16 operational unit known among cybersecurity researchers as “Dragonfly,” “Berzerk Bear,” “Energetic Bear,” and “Crouching Yeti.”

ANALYST NOTES

This week, the White House announced that intelligence reports indicate a Russian cyber-attack targeting U.S. organizations is likely. This attack would be in response to the recent sanctions on Russia and the military support the U.S. has provided to Ukraine. World leaders have continued to urge Russia to withdraw its troops from Ukraine and end the war it started a month ago. Russian President Vladimir Putin has shown no indication of ending the war and condemns the sanctions from the West. Although the U.S. continues to avoid direct conflict with Russia, it will likely launch a counter cyber-attack should Russia initiate its own first. Threat researchers believe Russia will target organizations in critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) continues to provide alerts on how organizations should prepare and protect themselves from such an attack here: https://www.cisa.gov/shields-up

https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical