Dear Readers,
I’m on a very tight deadline. The jury service really messed up my normal workload and I’m barely keeping my head above the mounting emails and files being dumped on my plate. That said, I need to take a few days off so I can catch up on my work and family commitments.
However, ICYMI: yesterday the DOJ unsealed two indictments and I think you should read them. Three of the four defendants are known Russian Military Intelligence Officers, and I have to say that it’s nice to see one of my murder boards was on target. I created that specific murder board in early 2017 and knew that it was only a matter of time. HERE. WE. ARE. FRIENDS 👇🏻 Note which sector these Russian cyber terrorists targeted: SCADA.
The enormity, scope and protracted nature of Russia’s cyber campaign is hard to explain, but I’d like to draw your attention to the following findings of fact:
…all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.
As noted by the DOJ Office of Public Affairs, whose release reads in part:
In June 2021, a federal grand jury in the District of Columbia returned an indictment charging Evgeny Viktorovich Gladkikh (Евгений Викторович Гладких), 36, a computer programmer employed by an institute affiliated with the Russian Ministry of Defense, for his role in a campaign to hack industrial control systems (ICS) and operational technology (OT) of global energy facilities using techniques designed to enable future physical damage with potentially catastrophic effects.
The three-count indictment alleges that Gladkikh was an employee of the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics’ (Государственный научный центр Российской Федерации федеральное государственное унитарное предприятие Центральный научно-исследовательский институт химии и механики, hereinafter “TsNIIKhM”) Applied Developments Center (“Центр прикладных разработок,” hereinafter “ADC”).
On its website, which was modified after the Triton attack became public, TsNIIKhM described itself as the Russian Ministry of Defense’s leading research organization. The ADC, in turn, publicly asserted that it engaged in research concerning information technology-related threats to critical infrastructure (i.e., that its research was defensive in nature).
Again, I’ll see you on Monday, March 28, 2022, but I thought my readers would be very interested in yesterday’s DOJ announcement and the unsealing of two indictments. Note that this was a two-phase cyber operation (SCADA, woot; if I were a true asshole I’d type “I told you so” ←snort).
In the first phase, which as alleged in the indictment took place between 2012 and 2014 and is commonly referred to by cyber security researchers as “Dragonfly” or “Havex,” the defendants and their co-conspirators launched a cyber supply chain attack: they infiltrated and compromised the computer networks of ICS/SCADA system manufacturers and software providers and then hid malware, known publicly as “Havex,” inside legitimate software updates for such systems.
After unsuspecting customers downloaded Havex-infected updates, the conspirators would use the malware to, among other things, create backdoors into infected systems and scan victims’ networks for additional ICS/SCADA devices. Through these and other efforts, including spearphishing and “watering hole” attacks, the conspirators installed malware on more than 17,000 unique devices in the United States and abroad, including ICS/SCADA controllers used by power and energy companies.
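The supply chain trick described above worked because customers installed whatever the vendor download site served them. The minimum a plant or utility can do on its side is refuse to install an update whose hash does not match a manifest obtained through a channel the download server cannot alter. The script below is an added example written for this post; it is not code from the indictment, the DOJ, or any vendor. The vendor, file name, installer bytes and manifest are all constructed for the demo. One caveat a practitioner should keep in mind: this check catches a file that was swapped or modified on the download server after the vendor published its hashes, but it cannot catch a build that was trojanized before the vendor hashed and signed it, which is why the manifest (or a vendor signature) must come from a separate, pinned channel and why vendor-side build integrity still matters.

```python
"""Verify a downloaded ICS/SCADA software update against an out-of-band manifest.

Added example for this post, not code from the page, the DOJ, or any vendor.
Assumes a hypothetical vendor that publishes a sha256sum-style manifest through
a channel separate from its download server (e.g. a signed mail or a file you
pinned earlier). File names, installer bytes and hashes here are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # stream installers in 1 MiB chunks instead of loading them whole


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict[str, str]:
    """Parse '<64-hex-digest>  <filename>' lines (sha256sum format).

    Blank lines and '#' comments are skipped; anything else malformed is an
    error, because a manifest we cannot parse cleanly is not one we trust.
    """
    entries: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno} malformed: {line!r}")
        digest, name = parts[0].lower(), parts[1].strip()
        bytes.fromhex(digest)  # raises ValueError on non-hex characters
        entries[name] = digest
    return entries


def verify_update(path: Path, manifest: dict[str, str]) -> bool:
    """True only if the file is listed in the manifest and its hash matches.

    Fails closed: an unlisted file is never installable, and the comparison is
    constant-time so a wrapper cannot leak how many digits matched.
    """
    expected = manifest.get(path.name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


def demo() -> tuple[bool, bool, bool]:
    """Constructed scenario: clean update, same file after tampering, unlisted file."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        installer = d / "ScadaTool-Setup.exe"  # hypothetical vendor installer name
        installer.write_bytes(b"MZ" + b"\x00" * 1024)  # stand-in for real installer bytes

        # Manifest as the vendor would have published it out of band.
        manifest = parse_manifest(f"# ScadaTool 4.2 release hashes\n"
                                  f"{sha256_file(installer)}  {installer.name}\n")
        clean_ok = verify_update(installer, manifest)

        # Simulate the download server now serving a modified build (extra payload appended).
        with installer.open("ab") as f:
            f.write(b"\x90" * 16)
        tampered_ok = verify_update(installer, manifest)

        # A file the manifest never listed must also be refused.
        stray = d / "ScadaTool-Hotfix.exe"
        stray.write_bytes(b"MZ")
        unlisted_ok = verify_update(stray, manifest)

    return clean_ok, tampered_ok, unlisted_ok


if __name__ == "__main__":
    clean, tampered, unlisted = demo()
    print(f"clean update accepted: {clean}")
    print(f"tampered update accepted: {tampered}")
    print(f"unlisted file accepted: {unlisted}")
```

Wire `verify_update` into whatever step copies the installer onto the engineering workstation, and keep the manifest pinned in a place the download workflow cannot write to; if the vendor ships a detached signature instead of a bare hash list, verify that signature before calling `parse_manifest`.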
Have a great weekend, and thank you for understanding my need to take a few days off and follow my own advice of “self care,” because my children recently told me that I haven’t been available to them and asked if they had done something wrong and that was why I was punishing them. Suffice it to say that was a huge wake-up call to me that my family has quietly suffered from my preoccupation with my job and my extracurricular Substack activities.
Again have a great weekend and see y’all in a few days.
Be well
-Filey