KANSAS CITY, Mo. (WDAF) — Russian hackers targeted dozens of sites, including a nuclear power plant in Kansas, according to two indictments that were returned in August but were unsealed by the Department of Justice Thursday.
One of the indictments alleged that three people working for the Russian government hacked into nuclear power plants, supply chains, oil and gas firms, as well as other power and utility companies between 2014 and 2017.
The indictment said the hackers used spearphishing attacks to gain access to computer networks at the sites. It would have allowed the Russian government to disrupt and damage the computers at each site whenever it wanted to do so.
The indictment said the hackers were successful in compromising the networks at Wolf Creek Nuclear Operating Corporation in Burlington, Kansas.
Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov are each charged with 21 crimes ranging from computer fraud to identity theft and conspiracy to cause damage to property of an energy facility.
The indictment said the hackers targeted engineers and employees at more than 500 sites in 135 countries. The document said the suspects sent emails to employees at Wolf Creek, claiming to be applying for work at the nuclear power plant.
Instead, the emails installed malware on Wolf Creek computers. When the employees browsed a compromised website, the hackers were able to capture login credentials used to access the plant’s network.
Instead, the indictment said the men were officers at Federal Security Service in Moscow, Russia.
“The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world,” Duston Slinkard, U.S. Attorney for the District of Kansas, said. “We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain vigilant in our effort to thwart such attacks. The Department of Justice is committed to the pursuit and prosecution of accused hackers as part of its mission to protect the safety and security of our nation.”
The U.S. government said it is working to enhance private sector network defense systems to stop similar malicious activity.