1 min

Triton: U.S. indicts four Russian government employees

The U.S. Department of Justice has indicted four Russian state employees for attacks on critical energy facilities using the Triton software, carried out between 2012 and 2019.

Cybercrime - April 04, 2022

On 24 March 2022, as the war between Russia and Ukraine continues to rage, the United States formally indicted four Russians (employed by the Kremlin) for large-scale cyberattacks.

Committed between 2012 and 2019 in 135 countries—including the United States—the attacks used Triton software, designed to take control of the IS of critical infrastructure, particularly energy. The indictment follows two original complaints from 2017.

The first targets Evgeny Viktorovich Gladkikh, an employee of a Russian Ministry of Defence research institute, who allegedly piloted the creation of Triton and shut down an oil refinery (in 2017) and another unidentified facility (in 2019), both based in the Middle East.

The second complaint targets Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov, three officers in Military Unit 71330 of the Russian FSB (Federal Security Service), the successor to the KGB.

They are accused of leading the DragonFly attack campaign, which targeted—between 2012 and 2019—the supply chains and ICS/SCADA systems of hundreds of energy facilities around the world (including a nuclear power plant), potentially to take control of them.

The State Department said its Rewards for Justice (RFJ) programme was offering $10 million for information on the three officers. This is the first time the RFJ has targeted employees of Russian government institutions.

Send this to a friend