The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
The U.S. Department of Justice (DOJ) has indicted four Russian government employees in connection with plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant.
The campaigns involved one of the most dangerous pieces of malware ever encountered in the operational technology (OT) and energy sectors: Triton, aka Trisis, Russia-linked malware built to tamper with the safety instrumented systems that are a plant's last line of defense against physical disaster. It was used to shut down an oil refinery in 2017 and was deployed against another Mideast target in 2019.
Two related indictments were unsealed yesterday: one that named Evgeny Viktorovich Gladkikh, an employee of the Russian Ministry of Defense, and another that named three officers in Military Unit 71330 – or “Center 16” – of Russia’s Federal Security Service (FSB), the successor to the Soviet-era KGB.
Center 16 is the FSB’s main structural unit for signals intelligence, consisting of a central unit housed in unmarked administrative buildings spread across Moscow and secluded forest enclosures, with massive satellite dishes pointed out to listen to the world. The threat group attributed to it is tracked by cybersecurity researchers as “Dragonfly,” “Energetic Bear” and “Crouching Yeti.”