[BreachExchange] $10M bounty on Russian hackers who targeted a nuclear power plant

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Mar 28 10:58:40 EDT 2022


https://www.bostonherald.com/2022/03/25/russian-officials-charged-in-years-old-energy-sector-hacks-2/

Four Russian officials, including hackers with a government intelligence
agency, have been charged with the malicious hacking of critical
infrastructure around the globe including the U.S. energy and aviation
sectors between 2012 and 2018, the U.S. Justice Department and British
Foreign Office announced.

Among the thousands of computers targeted in some 135 countries were
machines at a Kansas nuclear power plant — whose business network was
compromised — and at a Saudi petrochemical plant in 2017 where the hackers
overrode safety controls, officials said.

The State Department on Thursday announced rewards of up to $10 million for
information leading to the “identification or location” of any of the four
defendants.

Though the intrusions date back years, the indictments were unsealed as the
FBI has raised fresh alarms about efforts by Russian hackers to scan the
networks of U.S. energy firms for vulnerabilities that could be exploited
during Russia’s war against Ukraine.

The Foreign Office suggested in an announcement on its website that the
timing — exposing “the global scope” of hacking by the KGB’s successor spy
agency — was directly related to Russian President Vladimir Putin’s
“unprovoked and illegal war in Ukraine.”

Additionally, multiple U.S. federal agencies on Thursday published a joint
advisory on the hacking campaign, alerting energy executives to take steps
to protect their systems from Russian operatives.

“The DOJ is firing warning shots at people who run Russia’s cyberattack
capability,” tweeted threat intelligence analyst John Hultquist at the
cybersecurity firm Mandiant.

“Russian state-sponsored hackers pose a serious and persistent threat to
critical infrastructure both in the United States and around the world,”
Deputy Attorney General Lisa Monaco said in a statement. “Although the
criminal charges unsealed today reflect past activity, they make crystal
clear the urgent ongoing need for American businesses to harden their
defenses and remain vigilant.”

None of the four defendants is in custody, though a Justice Department
official who briefed reporters said officials deemed it better to make the
investigation public rather than wait for the “distant possibility” of
arrests.

The hackers are accused of installing malware into legitimate software
updates on more than 17,000 devices in the U.S. and other countries. Their
supply chain attacks between 2012 and 2014 targeted oil and gas firms,
nuclear power plants and utility and power transmission companies,
prosecutors said.