The United States has placed a steep price on justice, with up to $10 million for information that leads to three Russian cybercrime suspects who have been attacking American critical infrastructure for over 10 years.
The State Department issued the reward on Tuesday for information on Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov, three Russian Federal Security Service (FSB) officers who have been systematically attacking U.S. power grids, nuclear plants, and critical services.
They aren’t these stereotypical cybercriminals operating out of a basement somewhere. They are agents of the FSB’s Center 16, or Military Unit 71330, and they are controlled by numerous aliases that cybersecurity researchers have been monitoring for years: Berserk Bear, Blue Kraken, Crouching Yeti, Dragonfly, and Koala Team.
Russian Hackers Target Critical Infrastructure Worldwide
The scale of their activities is phenomenal. Between 2012 and 2017 alone, these officers masterminded an enormous campaign not only against U.S. government agencies such as the Nuclear Regulatory Commission but also against private energy businesses. One such victim was Wolf Creek Nuclear Operating Corporation, an entity operating a nuclear power plant in Burlington, Kansas.
But their goals reached all the way beyond American shores. By the State Department’s reckoning, they’ve attacked over 500 foreign energy firms in 135 nations. This is an international operation that illustrates just how globally connected our contemporary critical infrastructure has grown and how vulnerable it is at the mercy of highly motivated state-backed attackers.
“These officers also went after over 500 foreign energy companies across 135 other nations,” the State Department tweeted, noting the global nature of the threat. The department is urging all who have information to come forward through their Tor-mediated tips channel, suggesting that informants may qualify for the reward money as well as potential assistance with relocation.
The threat from this group hasn’t diminished with time. Just last month, the FBI issued a warning about their latest tactics, revealing that the Russian hackers have been exploiting a vulnerability known as CVE-2018-0171 in outdated Cisco networking equipment.
This particular vulnerability is especially concerning because it affects end-of-life devices that many organizations continue to use despite their age. The hackers can remotely execute code on these unpatched systems, essentially giving them a backdoor into critical networks.
U.S. Offers $10 Million Bounty for Russian State-Sponsored Hackers Exploiting Cisco Vulnerability
Cisco first detected attacks using this vulnerability back in November 2021 and has been urging companies to patch their systems ever since. However, many organizations, particularly in sectors like telecommunications, higher education, and manufacturing, have been slow to respond.
The Russian group has been capitalizing on this delay, successfully breaching networks across North America, Europe, Asia, and Africa.
This FSB unit has established a clear pattern over the past decade. They’ve consistently targeted U.S. state, local, territorial, and tribal government organizations, as well as aviation entities. Their persistence and evolving tactics demonstrate the long-term strategic nature of their operations.
The March 2022 charges against these three officers represent just one piece of a larger puzzle. The U.S. government has been increasingly aggressive in naming and shaming state-sponsored hackers, hoping that public attribution will deter future attacks and encourage international cooperation in cybersecurity efforts.
The bounty announcement follows on the heels of recent initiatives by the State Department. In June, they put out the equivalent of an identical $10 million bounty for information on hackers linked with the RedLine infostealer malware group targeting Russian national Maxim Alexandrovich Rudometov.
These hefty payoffs mirror the severe danger that cybercriminals who are sponsored by states represent for the nation’s safety and financial soundness. By promising life-altering sums of money and immunity to potential snitches, the U.S. is attempting to gain access to these covert businesses through the inside.
For organizations still running vulnerable systems, the message is clear: patch your networks now, before these persistent adversaries find their way in.
