
UK, US uncover Russia's role in cyber campaigns against critical infrastructure facilities

The revelations come as the US indicts four members of the Russian government for leading two separate historical attacks

The US has indicted four members of the Russian government over two separate cyber security incidents between 2012 and 2018 that targeted global critical infrastructure organisations.

The UK and US helped uncover the alleged “conspiracies” to launch potentially lethal cyber attacks on critical infrastructure organisations, including the 2017 attack on a Saudi Arabian petrochemical facility, with each government detailing its account in a separate report.

The attack on the Saudi facility was allegedly conducted by the Russian Ministry of Defence research institute, the US Department of Justice (DoJ) said. A similar operation subsequently targeted US infrastructure too, it added.

The malware attack allegedly sought to hand control of the Saudi facility’s systems to the attackers who then aimed to use that access to cause two emergency shutdowns by overriding safety controls. The act could have led to the release of toxic gas or an explosion, but the hackers ultimately failed to gain access.

A separate two-phased campaign allegedly spearheaded by three Russian FSB officials also led to charges. In this case, the operation sought to compromise the computers of hundreds of entities, which would eventually have allowed the Russian government to disrupt and damage these systems at a later time of its choosing, the DoJ said.

The UK’s statement revealed that one of these compromised systems was used to control the Wolf Creek nuclear power plant in Kansas, US, in 2017 but failed to have any negative impact.

Both attacks were launched on the watch of Russia’s Federal Security Service (FSB), the successor agency to the KGB, said the UK’s Foreign, Commonwealth & Development Office (FCDO).

Liz Truss, the UK’s foreign secretary, sanctioned a Russian Ministry of Defence subsidiary in light of the revelations, though it’s currently unclear what these sanctions aim to achieve.


“Russia’s targeting of critical national infrastructure is calculated and dangerous,” said Truss. “It shows Putin is prepared to risk lives to sow division and confusion among allies.

“We are sending a clear message to the Kremlin by sanctioning those who target people, businesses and infrastructure. We will not tolerate it.”

The FCDO said the FSB has a long history of targeting UK energy companies, carrying out “sustained and substantial” monitoring of US aviation sector networks, and exfiltrating data. It has also attempted to spear-phish its own nationals and UK-based Kremlin critics.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Lisa O. Monaco, deputy attorney general. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defences and remain vigilant.

“Alongside our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyber attacks.”

The US has deployed a sustained effort to increase the entire nation’s cyber security posture since the ransomware attack on Colonial Pipeline last year.

It was perhaps the most high-profile attack on critical infrastructure in recent years, but just one of 649 total ransomware attempts on US critical infrastructure in 2021, according to complaints received by the Internet Crime Complaint Center (IC3), an FBI department dedicated to internet crime reporting.

The Biden administration has changed the federal perception of ransomware, giving these cyber attacks the same status as a kinetic terrorist incident, and has also overseen an overhaul in the way federal government departments patch against common cyber security vulnerabilities.

President Biden issued an additional call for increased cyber security vigilance this week, saying there is a heightened threat that Russia will look to carry out cyber attacks against the United States.

Supporting the call, the UK’s National Cyber Security Centre (NCSC) said: “In heightened periods of international tension all organisations should be vigilant to cyber risks, and for several months the NCSC has been advising organisations to bolster their cyber security.

“While the NCSC are unaware of specific, targeted threats to the UK resulting from Russia’s illegal invasion of Ukraine, we recommend organisations follow this advice as a priority,” it added.
