The U.S. Department of State is offering up to $10 million for information on three Russian intelligence officers accused of conducting cyberattacks against American critical infrastructure.
The men—Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov—are identified as members of the Federal Security Service (FSB) Center 16, also called Military Unit 71330. Cybersecurity researchers have long tracked this unit under aliases such as Berserk Bear, Blue Kraken, Crouching Yeti, Dragonfly, and Koala Team.
According to U.S. officials, these operatives played a leading role in sophisticated hacking operations that targeted government systems, nuclear energy companies, and other key sectors.
Indictments Highlight Years of Intrusions
In March 2022, federal prosecutors charged the three officers for activities carried out between 2012 and 2017. Investigators say they tried to infiltrate U.S. government networks, including the Nuclear Regulatory Commission, and attacked private energy firms.
One high-profile target was the Wolf Creek Nuclear Operating Corporation, which oversees a nuclear power facility in Kansas. Officials stressed that the campaign underscored how far Russian operatives were willing to go in attempting to breach critical infrastructure.
The indictment framed the attacks as part of a broader Kremlin-backed effort to undermine U.S. security and collect intelligence on sensitive energy operations.
Cyber Campaign Spanned the Globe
While American systems were a priority, the same group is believed to have gone after over 500 energy companies in 135 countries.
The State Department noted the scale of the campaign when announcing the bounty. Through its Rewards for Justice program, it urged people worldwide to share credible information about the three officers. The department also said whistleblowers could qualify for relocation support if needed.
Cisco Vulnerabilities Exploited
The hacking activity tied to these operatives has not stopped. In August 2024, the FBI warned that the group had been exploiting a known flaw in Cisco networking equipment, CVE-2018-0171, throughout the past year.
This vulnerability, first addressed by Cisco in 2018, affects older networking devices. It allows attackers to run malicious code remotely on unpatched systems. Despite multiple advisories, many organizations failed to apply updates.
Cisco’s Talos security division reported that the operatives actively used the flaw to break into systems. Victims included telecommunications firms, universities, and manufacturers across North America, Europe, Asia, and Africa.
A Pattern of Persistent Attacks
Over the last decade, the same Russian group has repeatedly targeted U.S. entities. Its victims have included state and local governments, tribal agencies, and even aviation organizations.
Security experts view these attacks as part of a consistent Russian strategy—using long-term infiltration campaigns to disrupt adversaries, steal sensitive data, and test the resilience of foreign infrastructure.
Expanding the Rewards Program
This latest reward is part of a broader U.S. push to go after state-backed hackers. The Rewards for Justice program, run by the Diplomatic Security Service, has been increasingly used to expose cybercriminals working under foreign governments.
In June 2024, a similar reward of up to $10 million was announced for information on hackers tied to the RedLine infostealer malware and its suspected Russian developer, Maxim Alexandrovich Rudometov.
By publicizing names and putting financial bounties on them, Washington aims to limit the freedom of movement of these operatives and deter future attacks.
While Russian intelligence officers rarely face prosecution inside their own country, U.S. officials hope international pressure can curb their activities. Naming individuals, issuing criminal charges, and attaching financial rewards make it harder for them to operate openly abroad.
The United States sees these steps as essential to protecting critical services like power grids, communications networks, and aviation from foreign cyber threats.
