Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms

Four Russian government employees were charged by the DoJ for attack campaigns targeting hundreds of energy sector companies and organizations in 135 countries, including the US.

The US government today unsealed two blockbuster indictments handed down in 2021 charging four Russian nationals working for that nation’s government with allegedly perpetrating two major industrial system cyberattack campaigns that targeted the global energy sector between 2012 and 2018.

In a now-unsealed June 2021 indictment, the US Department of Justice charged Evgeny Viktorovich Gladkikh, a Russian Ministry of Defense research institute employee, and two co-conspirators for their role in the infamous Triton/Trisis malware tools used in a 2017 attack that shut down Schneider Electric’s safety instrumentation system at a petrochemical plant in Saudi Arabia. The defendants also were charged with trying to breach a US critical infrastructure management firm.

Triton was one of the first known industrial cyberattacks meant to inflict major physical and potentially life-threatening damage on an industrial plant: The malware was intended to sabotage and fool the Schneider safety system so it would be unable to detect unsafe conditions of its ICS equipment.

Gladkikh, 36, a computer programmer, and his co-conspirators created and dropped the Triton malware in an oil refinery in Saudi Arabia. The malware instead triggered emergency shutdowns at the refinery. The defendants then repeatedly tried to break into the network of a US company that owns similar refineries, but failed, the indictment said.
