Three Russian spies tried to take control of power plants in a wide-ranging hacking conspiracy that targeted hundreds of energy companies in 135 countries, US federal prosecutors announced Thursday.
The trio were members of a covert unit within the Russian Federal Security Service nicknamed “Dragonfly” that hacked the hardware and software of computer systems that controlled nuclear power plants and other energy facilities, the Department of Justice said in a newly unsealed indictment.
Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, used “spearphishing” email scams to gain access to systems at various companies, then hid malware in software updates that was spread to over 17,000 users, according to the indictment.
The two-phased conspiracy allegedly lasted between 2012 and 2017 with targets including the US Nuclear Regulatory Commission, an unnamed New York-based renewable energy facility and Wolf Creek Nuclear Operating Corp. in Kansas, where a grand jury returned the indictment against the spies in August.
Some of the other companies targeted by the Russian government spies were located in the UK, Canada, China, France and Germany, prosecutors claim.
Duston Slinkard, US attorney for the District of Kansas, said the DOJ was focused on “its mission to protect the safety and security of our nation.”
“The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world,” Slinkard said in a statement.
“We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain…