Document of the Day: Russian Government Hackers Indicted

Image: Screenshot

The US Department of Justice (DOJ) has unsealed two federal indictments charging four employees of the Russian government with a conspiracy to hack into the global energy sector and gain remote control over critical pieces of infrastructure. The indictments offer a detailed, inside look at the state of official Russian hacking today, and point to an extraordinary program that targeted “thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”

DOJ indictment of a Russian Defence Ministry employee on hacking and conspiracy charges.

In a press release about the indictments, which were handed down last year but only made public last week, the DOJ alleges two separate hacking campaigns: the first involving a Russian citizen who worked for the country’s Ministry of Defense; a second involving three other Russians who worked for the Federal Security Service (FSB), successor agency to the KGB.

In June 2021, the US government indicted an employee of the Russian Defense Ministry’s research institute on two counts of conspiracy and one count of attempting to damage an energy facility for allegedly triggering two emergency shutdowns at a foreign oil refinery in 2018. According to the charges filed in the District of Columbia, the defendant and unnamed co-conspirators also attempted to secretly infiltrate  similar energy facilities in the US.

The August 2021 indictment identifying the three FSB officers was filed in US District Court in Kansas, and charges the group with numerous violations related to computer fraud and abuse, wire fraud, identity theft, and damaging an energy facility. Per the DOJ, the FSB officers — known colloquially as “Dragonfly,” “Berzerk Bear,” and “Energetic Bear” — worked for a period of five years, from 2012 to 2017 , on compromising “software and hardware that controls equipment in power generation facilities.” Had they been successful, they would have given the Russian government the ability to “disrupt or damage” computer systems controlling numerous energy sector companies. Among the trio’s many supposed targets was a nuclear power plant in Burlington, Kansas. “Hundreds of foreign victims and targets of the conspiracy were based in over 135 countries,” the DOJ alleges.

Additional Resources

Investigating Russia Around the World: A GIJN Instant Toolkit

How Journalists Are Coping with a Heightened Surveillance Threat

Investigating A Cyberwar