The FBI last week unsealed indictments that confirmed many experts’ most dire assumptions—U.S. infrastructure is in immediate danger of a devastating attack. The charges were against four Russian government employees involved in what the FBI called two “historical hacking campaigns” targeting critical infrastructure globally.
The indictments laid out the defendants’ efforts, including separate operations that targeted both hardware and software related to infrastructure operational technology systems. The four men were involved in an elaborate operation that had been “attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018.”
Although indictments like these are to be expected, as Russia is known to be among the global leaders in state hacking, certain details of this one were enough to call into question the recent enhanced cooperation agreement between America’s two greatest geopolitical foes, Russia and China.
Shockingly, the indictment reveals that Russia had penetrated Chinese infrastructure in the past. That alone should help cool Beijing’s current support of the Kremlin, since Russian President Vladimir Putin’s Russia was hell-bent on launching cyber attacks against every major global power.
In addition to the cyber threat posed to China by a nation billed as one of their stronger allies, the repercussions of the recent and devastating series of economic sanctions on Russia should serve as notice to China that they may face their own set of damaging sanctions should their support for Russia expand.
Ukraine is not China’s war. There is no advantage for the Chinese to support Russia in this endeavor, which is easily the most unpopular invasion since the United States invaded Iraq.
The new indictments also reveal Russian attacks against European Union and NATO countries, as the United Kingdom and Ireland were also named as victims, as was Saudi Arabia. The first of the two indictments, United States v. Evgeny Viktorovich Gladkikh, relates to the defendants’ efforts to install backdoors in order to launch Triton malware, a strain of code used to compromise industrial control systems (ICS). The attacks targeted energy refineries and caused their ICSs to operate in an unsafe manner while giving the appearance of operating correctly.
The second indictment was similarly related to the manipulation of ICSs and supervisory control and data acquisition (SCADA) systems. It targeted members of the Russian Federal Security Service’s Center 16, an operational unit known within the security community by names including “Berserk Bear,” “Energetic Bear,” and “Crouching Yeti,” and named Russian hackers Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov.
The government alleges that between 2012 and 2017, the three Russians, along with additional unnamed conspirators, conducted supply chain attacks in an effort to “maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies.”
Such attacks are similar to, yet separate from, the kind that most Americans would more easily identify, like the historic 2021 Colonial Pipeline and JBS Foods attacks, which targeted the east coast’s fuel supply and the country’s food supply chains, respectively.
Those more familiar attacks were conducted by state-sponsored Advanced Persistent Threat (APT) groups affiliated with the Kremlin, and used ransomware to demand payments in the millions from the victims. These attacks regularly occur and are expected to increase in frequency in 2022.
With no end to the Ukraine conflict in sight, Russia will likely continue to launch cyber attacks against the world. With Joe Biden’s latest gaffe-filled remark that Putin “cannot remain in power,” which was quickly rebuffed by his own staff, America and the West writ large must brace for what is sure to be a landmark year for weaponized military hacking.