
US Offers $10M Reward for Russian FSB Hackers Info

Summary

– The U.S. State Department is offering a $10 million reward for information on three Russian FSB officers involved in cyberattacks against U.S. critical infrastructure.
– The three officers, Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov, are part of an FSB unit tracked under multiple aliases like Berserk Bear and Dragonfly.
– They were previously charged for targeting U.S. government agencies and energy companies, including a nuclear power plant operator, between 2012 and 2017.
– Recently, they exploited a Cisco vulnerability to breach critical infrastructure sectors globally, including telecommunications and manufacturing organizations.
– The same group has also targeted U.S. state and local governments and aviation entities over the past decade.

The United States Department of State has announced a substantial reward of up to $10 million for actionable intelligence regarding three Russian Federal Security Service officers accused of orchestrating cyberattacks against American critical infrastructure. These individuals are identified as Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov, all affiliated with the FSB’s Center 16, also known as Military Unit 71330. This unit operates under several aliases in cybersecurity circles, including Berserk Bear, Blue Kraken, and Dragonfly.

In March 2022, the trio faced charges for their alleged involvement in a multi-year cyber campaign spanning from 2012 to 2017. Their targets included U.S. government bodies such as the Nuclear Regulatory Commission, as well as private energy firms like the Wolf Creek Nuclear Operating Corporation, which manages a nuclear facility in Burlington, Kansas. According to the State Department, these officers were not only focused on American assets but also infiltrated more than 500 energy companies across 135 other nations.

A recent tweet from the State Department emphasized the severity of the threat, urging anyone with knowledge of the hackers’ activities to contact the Rewards for Justice program through a secure, Tor-based channel. Potential informants may qualify for financial compensation and relocation assistance.

More recently, the FBI issued warnings in August detailing how the group exploited a known vulnerability, CVE-2018-0171, in end-of-life Cisco networking equipment. This flaw allowed remote code execution on unpatched devices, enabling breaches across numerous critical infrastructure sectors in the U.S.

Cisco initially addressed this vulnerability nearly four years ago but updated its advisory in November 2021, urging network administrators to apply patches immediately. Cisco Talos, the company’s cybersecurity division, reported that the Russian state-sponsored group has been aggressively targeting unpatched devices within telecommunications, education, and manufacturing organizations worldwide, including in North America, Europe, Asia, and Africa.

This same threat actor has a long history of targeting U.S. state, local, territorial, and tribal government agencies, as well as aviation entities, over the past decade. In a related move earlier this year, the State Department also offered a $10 million reward for information tied to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov.

(Source: Bleeping Computer)
