Russian nationals indicted for epic Triton/Trisis and Dragonfly cyberattacks on energy firms

Kelly Jackson Higgins, Dark Reading

March 28, 2022

2 Min Read
Urgent Comms logo in a gray background | Urgent Comms

The US government today unsealed two blockbuster indictments handed down in 2021 charging four Russian nationals working for that nation’s government with allegedly perpetrating two major industrial system cyberattack campaigns that targeted the global energy sector between 2012 and 2018.

In a now-unsealed June 2021 indictment, the US Department of Justice charged Evgeny Viktorovich Gladkikh, a Russian Ministry of Defense research institute employee, and two co-conspirators for their role in the infamous Triton/Trisis malware tools used in a 2017 attack that shut down Schneider Electric’s safety instrumentation system at a petrochemical plant in Saudi Arabia. The defendants also were charged with trying to breach a US critical infrastructure management firm.

Triton was one of the first known industrial cyberattacks meant to inflict major physical and potentially life-threatening damage on a industrial plant: The malware was intended to sabotage and fool the Schneider safety system so it would be unable to detect unsafe conditions of its ICS equipment.

Gladkikh, 36, a computer programmer, and his co-conspirators created and dropped the Triton malware in an oil refinery in Saudi Arabia. The malware instead triggered emergency shutdowns at the refinery. The defendants then repeatedly tried to break into the network of a US company that owns similar refineries, but failed, the indictment said.

Gladkikh was charged with conspiracy, damage, and computer fraud crimes, which could bring a total maximum sentence of 45 years in prison.

Dragonfly
The second unsealed indictment is from August 2021, which charges Russian Federal Security Service officers Pavel Aleksandrovich Akulov, 36; Mikhail Mikhailovich Gavrilov, 42; and Marat Valeryevich Tyukov, 39, for a long-running cyberattack campaign against the energy sector, known as the Dragonfly or Havex attacks.

To read the complete article, visit Dark Reading.

 

 

Subscribe to receive Urgent Communications Newsletters
Catch up on the latest tech, media, and telecoms news from across the critical communications community