Did the Russian government try to hack into a U.S. nuclear power plant, Wolf Creek in Kansas, repeatedly over eight years? That’s the charge in an August federal indictment, released this week (March 25). The multitudes of attacks, from 2012 through 2018, were marginally successful, but posed no real threat to the 1,200-MW Westinghouse pressurized water reactor.
According to the Topeka Capital-Journal, “Russian military officers are charged with combined 20 counts alleging conspiracy, computer fraud, wire fraud and identity theft. Among the list of victims was Wolf Creek Nuclear Operating Corporation in Burlington.
Russian military officials Pavel Aleksandrovich Akulov, Mikhail Mikhailovich, Gavrilov Marat, and Valeryevich Tyukov, are charged with a combined 20 counts alleging conspiracy, computer fraud, wire fraud and identity theft. Three worked directly for the Russian’s government FSB international spy agency and the fourth was a contractor.
The attack on Wolf Creek was part of a much broader Russian effort to penetrate international businesses, according to the government. An FBI press release said the Russian government was “attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”
Deputy Attorney General Lisa O. Monaco said, “Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world. Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant. Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber-attacks.”
The attacks included spearphising of email accounts and SQL injection exploits. The indictment notes “that while many targets of spearphishing emails opened malicious attachments, network firewalls blocked or mitigated most of the malicious activity before the hackers could leverage stolen credentials.”
According to Reuters, the widespread attacks included a Saudi oil refinery, The news service said, “The 2017 Saudi refinery attack stunned the cybersecurity community when it was made public by researchers later that year because – unlike typical digital intrusions aimed at stealing data or holding it for ransom – it appeared aimed at causing physical damage to the facility itself by disabling its safety system. U.S. officials have been tracking the case ever since.”
The New York Times observed that the unsealed indictment “served as yet another warning from the Biden administration of Russia’s ability to conduct such operations. It came days after President Biden told businesses that Moscow could wage such attacks to retaliate against countries that have forcefully opposed the Russian invasion of Ukraine.”
–Kennedy Maize