UK, US uncover Russia's role in cyber campaigns against critical infrastructure facilities

Flag of Russia on a computer binary codes falling from the top and fading away
(Image credit: Getty Images)

The US has indicted four members of the Russian government over two separate cyber security incidents between 2012 and 2018 that targeted global critical infrastructure organisations.

The UK and US helped uncover the alleged “conspiracies” to launch potentially lethal cyber attacks on critical infrastructure organisations, detailing each government’s account in separate reports, including the 2017 attack on a Saudi Arabian petrochemical facility.

The attack on the Saudi facility was allegedly conducted by the Russian Ministry of Defence research institute, the US Department of Justice (DoJ) said. A similar operation subsequently targeted US infrastructure too, it added.

The malware attack allegedly sought to hand control of the Saudi facility’s systems to the attackers who then aimed to use that access to cause two emergency shutdowns by overriding safety controls. The act could have led to the release of toxic gas or an explosion, but the hackers ultimately failed to gain access.

A separate two-phased campaign allegedly spearheaded by three Russian FSB officials also led to charges. In this case, the operation sought to compromise the computers of hundreds of entities that would have eventually led to the Russian government being able to disrupt and damage these systems at a later time of its choosing, the DoJ said.

The UK’s statement revealed that one of these compromised systems was used to control the Wolf Creek nuclear power plant in Kansas, US in 2017 but failed to have any negative imapct.

Both attacks were launched on the watch of Russia’s Federal Security Service (FSB), the successor agency to the KGB, said the UK’s Foreign, Commonwealth & Development Office (FCDO).

Liss Truss, the UK’s foreign secretary, sanctioned a Russian Ministry of Defence subsidiary in light of the revelations, though it’s currently unclear what these sanctions aim to achieve.


Selecting a fit-for-purpose server platform for datacentre infrastructure

Driving the change in infrastructure


“Russia’s targeting of critical national infrastructure is calculated and dangerous,” said Truss. “It shows Putin is prepared to risk lives to sow division and confusion among allies.

“We are sending a clear message to the Kremlin by sanctioning those who target people, businesses and infrastructure. We will not tolerate it.”

The FCDO said the FSB has a long history of targeting UK energy companies, “sustained and substantial” monitoring of US aviation sector networks, and data exfiltration. It has also attempted to spear-phish its own nationals and UK-based Kremlin critics.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Lisa O. Monaco, deputy attorney general. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defences and remain vigilant.

“Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber attacks.”

The US has deployed a sustained effort to increase the entire nation’s cyber security posture since the ransomware attack on Colonial Pipeline last year.

It was perhaps the most high-profile attack on critical infrastructure in recent years, but just one of 649 total ransomware attempts on US critical infrastructure in 2021, according to complaints received by the Internet Crime Complaint Center (IC3), an FBI department dedicated to internet crime reporting.

The Biden administration has changed the federal perception of ransomware, giving these cyber attacks the same status as a kinetic terrorist incident, and has also overseen an overhaul in the way federal government departments patch against common cyber security vulnerabilities.

President Biden issued an additional call for increased cyber security vigilance this week, saying there is a heightened threat that Russia will look to carry out cyber attacks against the United States.

Supporting the call, the UK’s National Cyber Security Centre (NCSC) said: “In heightened periods of international tension all organisations should be vigilant to cyber risks, and for several months the NCSC has been advising organisations to bolster their cyber security.

“While the NCSC are unaware of specific, targeted threats to the UK resulting from Russia’s illegal invasion of Ukraine, we recommend organisations follow this advice as a priority,” it added.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.