Russian government officials charged in cyber-attacks targeting US and other energy companies around the world

The indictment comes amid fresh concerns over cyber security

Four Russian government employees have been charged in years-old cyberattacks that targeted energy companies in the U.S. and around the world, federal prosecutors said Thursday. 

The hacks affected companies and organizations in more than 130 countries, according to the Justice Department. 

FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture. (REUTERS/Kacper Pempel/Illustration/File Photo)

None of the four defendants is in custody, though a Justice Department official who briefed reporters on the cases said the department determined that it was better to make the investigation public rather than wait for the "distant possibility" of arrests in the future.

AS CYBERATTACK THREATS RISE, EXPERT REVEALS ‘NIGHTMARE SCENARIO’

The indicted Russians include an employee at a Russian military research institute accused of working with co-conspirators to hack the systems of a foreign refinery and to install malicious software on the plant's safety systems, resulting in an emergency shutdown. 

The employee, Evgeny Viktorovich Gladkikh, also tried to break into the networks of an unidentified U.S. company, according to an indictment that was filed in June 2021. 

Russia

Cars drive along Tverskaya street with the towers of the State Historical Museum and the Kremlin in the background, in central Moscow, Russia March 23, 2022. (REUTERS/Maxim Shemetov)

The three other defendants are alleged hackers with Russia's Federal Security Service, or FSB, which conducts domestic intelligence and counterintelligence. Prosecutors say they belong to a hacking unit known to cybersecurity researchers as Dragonfly.

The hackers are accused of installing malware through legitimate software updates on more than 17,000 devices in the U.S. and other countries. Their supply chain attacks targeted oil and gas firms, nuclear power plants and utility and power transmission companies, prosecutors said.

OKTA WARNS 366 CUSTOMERS COULD POTENTIALLY BE IMPACTED BY LAPSUS$ HACK

A second phase of the attack, officials said, involved spear-phishing attacks targeting more than 500 U.S. and international companies, as well as U.S. government agencies, including the Nuclear Regulatory Commission. The hackers also successfully compromised the business network of the Wolf Creek Nuclear Operating Corporation in Burlington, Kansas, which operates a nuclear power plant.

The cyberattacks stretched back as far as a decade. But the indictments, unsealed Thursday, come as the U.S. energy firms are increasingly on edge Russian hackers exploiting vulnerabilities amid Russia’s war against Ukraine.    

Deputy Attorney General Lisa Monaco

FILE: Deputy Attorney General Lisa Monaco speaks to The Associated Press during an interview at the Department of Justice in Washington, Nov. 2, 2021.  (AP Photo/Manuel Balce Ceneta, File)

Deputy Attorney General Lisa Monaco said the criminal charges against the four Russian hackers "make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant."

Cybersecurity expert Adam Levin, who co-founded credit.com and hosts "What the Hack with Adam Levin," told FOX Business it was imperative for companies to step up their game. 

CLICK HERE TO GET READ FOX BUSINESS ON THE GO

"There are so many people out there who think, ‘it’s never going to happen to me,’ and a lot of companies that don’t think it’s going to happen to them and then find out later that it did happen to them," he said adding: "As a defender, you’ve got to get everything right. As an attacker, you have to find only one crack or crevice to crawl through. And that’s the concern."

The Associated Press contributed to this report