The Justice Department unsealed two indictments Thursday charging four Russian government employees with two separate conspiracies -- outlining their alleged involvement in hacking campaigns that targeted critical infrastructure networks in the U.S. and across the globe between 2012 and 2018.
Altogether, DOJ says the hacking campaigns "targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries."
The unsealing of the cases and their detailed hacking schemes, according to the Justice Department, are intended to serve as a warning amid the current tensions with Russia about the "urgent ongoing need for American businesses to harden their defenses and remain vigilant."
"The conduct alleged in these charges is the kind of conduct that we are concerned about under the current circumstances and has been addressed by various parts of the federal government," a senior FBI official told reporters Thursday. "These charges show the dark art of the possible when it comes to critical infrastructure."
In the first case (reported earlier on this DL after its unsealing in D.C. district court), the Justice Department unsealed charges from June of last year against Russian government employee Evgeny Gladkikh who, along with unidentified co-conspirators, carried out hacking attacks that caused two separate emergency shutdowns at a foreign energy facility. They later failed when they allegedly sought to carry out a similar attack on a U.S. company that managed similar critical infrastructure entities.
In a separate case charged in August of last year, the Justice Department charged three officers in Russia's FSB with carrying out a two-phased campaign to "target and compromise the computers of hundreds of entities related to the energy sector worldwide."
"Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing," the Justice Department said Thursday.
The hacking attempts, according to investigators, were part of Russia's efforts to "maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies."
The indictment alleges that in the first phase of the attacks, the FSB officers were able to install malware on "more than 17,000 unique devices in the United States and abroad, including computer networks used by some power and energy companies. In the second phase, they carried out targeted spearphishing attacks against more than 3300 individuals from more than 500 U.S. and international companies, including U.S. agencies like the Nuclear Regulatory Commission.
According to DOJ, they were actually able to successfully compromise servers that hosted websites visited by energy sector engineers -- when engineers visited a compromised website their login credentials would in some cases be secretly captured by the Russian malware.
None of the individuals publicly identified by DOJ in the new indictments reside in the U.S., making it unlikely they will face arrest or extradition over the charges.