The US Federal Bureau of Investigation (FBI) has issued arrest warrants for three suspected Russian government hackers who they believe hacked into Irish cyber systems as well as those of many other countries.
The FBI has released a wanted poster for three men, who they say work for the FSB, Russia’s Federal Security Service, which is the agency that replaced the KGB after the fall of the USSR. Earlier in the day, a wanted notice was issued for a fourth man.
Organizations they are accused of hacking include “global oil and gas companies, utility and power grid companies, nuclear power plants, renewable energy companies, consulting and engineering groups and advanced technology companies.
In a wanted poster released last night, the FBI claimed the men were members of a Russian state hacking team tasked with targeting countries around the world between 2012 and 2018.
The FBI said they were indicted by a Kansas grand jury in August last year “for their alleged involvement in computer intrusions, wire fraud and aggravated offenses of identity theft.”
“These officers were members of Center 16, a component of the FSB also known as Military Unit 71330, and were part of a team within Center 16 known to cybersecurity researchers as Dragonfly, Energetic Bear and Crouching Yeti.
“As alleged in the indictment, the three FSB agents, Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov, knowingly and intentionally conspired with each other, and with known and unknown persons, to obtain and maintain a persistent unauthorized access (“hacking”) to victimized computer networks belonging to corporations and other entities in the global energy sector, including their power generation facilities, thereby enabling the Russian government to disrupt and destroy ‘damage these systems, if desired,’ the wanted notice reads.
The wanted notice published by the FBI.
Source: Federal Bureau of Investigation
The FBI indictment alleges that the Russian team targeted hundreds of US and international energy companies.
They also reportedly targeted Ireland along with 135 other countries and 380 companies around the world.
In a statement released last night by the UK Foreign Office, the UK’s National Cyber Security Center claimed that the hackers had almost certainly targeted a nuclear power station in the US.
“The National Cyber Security Center (NCSC) assesses that it is almost certain that FSB Center 16 is also known by the aliases of its hacker group ‘Energetic Bear’, ‘Berserk Bear’ and ‘Crouching Yeti ‘, and carried out malicious cyber activity, targeting critical computer systems and national infrastructures in Europe, America and Asia.
The British statement, which did not name the three men identified by the FBI, alleged that they tried to target systems controlling the Wolf Creek nuclear power plant in Kansas, United States, in 2017.
Earlier this month, the Oireachtas Foreign and Defense Committee heard from Minister Simon Coveney, who said the Irish government was taking precautions against possible cyberattacks.
His appearance came against the backdrop of the ongoing war in Ukraine, with Ireland set to potentially take in tens of thousands of refugees from the war-torn country.
Cyberattacks can cripple public and private systems, leading to widespread disruption of services. In April 2017, Eirgrid suffered a cyberattack when hackers targeted the energy supplier with malware. US or UK authorities have not officially linked the Eirgrid attack to the FSB Center 16 hackers.
No news, bad news
Support the review
Your contributions will help us continue to deliver the stories that matter to you
Support us now
Russian hackers are prime suspects in the attack on HSE computer systems last year – although it fell outside the time frame contained in the FBI’s indictment.
Gardaí said they investigated the hack and identified the addresses of the computers involved in the incident.
A spokesperson for the Irish National Cyber Security Center (NCSC) said it was aware of the US charges.
“The government is aware of charges in US courts against four Russian government employees in connection with malicious cyber activity, targeting a range of critical energy infrastructure in 135 countries, including Ireland, between 2012 and 2018.
“We will continue to engage with the United States, our fellow EU member states and other international partners on next steps regarding this matter,” he said.
A statement was requested from An Garda Síochána.
The Russian Embassy in Dublin has also been contacted for comment. None had been received at the time of publication.