INDICTMENTS: Russian nationals charged with hacking schemes targeting energy sector, including Wolf Creek
Unsealed federal indictments indicate four Russian nationals tried cyberattacks on “the global energy sector” over a 10-year stretch, with Wolf Creek Nuclear Energy Station outside Burlington as one of the targets.
Federal authorities say the indictments actually involve two separate conspiracies to attack energy worldwide between 2012 and 2018, with the goals of damaging critical infrastructure and compromising computer systems. The campaigns targeted thousands of computers at hundreds of locations in over 130 countries.
As part of an indictment dated Aug. 26, 2021, three Russian nationals — 36-year-old Pavel Akulov, 42-year-old Mikhail Gavrilov and 39-year-old Marat Tyukov — allegedly conducted a two-phase attack, including malware installation, spearphishing or campaigns to target certain individuals to reveal confidential information by sending emails from allegedly known or trusted sources, and “watering hole” attacks on sites visited by groups of employees. The indictment says a second-phase spearphishing attack in May 2017 on Wolf Creek compromised part of the business network and “harvested employee credentials.” That part of the network was not connected to industrial control systems or supervisory control and data acquisition networks, which is what the Russians were ultimately targeting. The defendants also allegedly used the watering hole approach to target Evergy, then known as Westar.
In a statement, Evergy says Wolf Creek successfully defended the attack, which never gained access to the cyber systems that operate the facility or the power grid. Evergy also says the “integrity of the generating station and the power grid was never compromised.” The US Department of Justice credited Wolf Creek and its owners, Evergy and the Kansas Electric Power Cooperative, for their cooperation and help as the investigation unfolded.
Authorities have charged Akulov, Gavrilov and Tyukov with conspiracy to damage energy facility property and commit computer fraud and abuse, as well as conspiracy to commit wire fraud. Akulov and Gavrilov are also charged with additional wire fraud, computer fraud and aggravated identity theft.
Authorities have also charged 36-year-old Evgeny Gladkikh with conspiracy to damage an energy facility, attempted damage to an energy facility and conspiracy to commit computer fraud as part of a separate indictment from last June and unsealed this week.
The indictments come as concerns are rapidly increasing about Russian cyberattacks in light of Russia’s ongoing invasion of Ukraine and the international sanctions against Russia that have followed. More information from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is online at www.cisa.gov/shields-up.