WASHINGTON – The United States on Thursday charged seven Russian intelligence officers with conspiring to hack computers and steal data from the nuclear energy company Westinghouse Electric Co. as well as anti-doping watchdogs, sporting federations and an international agency probing the use of chemical weapons.
The charges of conspiracy to commit computer fraud and abuse and to commit wire fraud and money laundering came hours after Dutch authorities said they had disrupted an attempt by Russian intelligence agents to hack into the Hague-based Organization for the Prohibition of Chemical Weapons in April.
That organization is tasked with probing the use of chemical weapons in Syria and the March 2018 poisoning of a former Russian military intelligence officer in the United Kingdom.
The Justice Department said one of the Russian officers researched Westinghouse and its employees online and stole log-in credentials of Westinghouse workers for servers in the United States, including staffers who work at its advanced nuclear reactor development and new reactor technology units.
Westinghouse, which is located outside Pittsburgh, provides fuel, services and nuclear power plant design to customers, including Ukraine. The company did not respond to a request for comment.
Three of the seven Russian military officers indicted on Thursday were charged in a separate case brought by special counsel Robert Mueller’s office for their role in hacking activities designed to influence the 2016 presidential election.
John Demers, the head of the Justice Department’s National Security Division, said while the defendants overlap, the case brought on Thursday did not involve Mueller’s office.
In the indictment, prosecutors alleged that one of the Russian officers, Ivan Sergeyevich Yermakov, who was also charged by Mueller in the election-related hacking, performed “technical reconnaissance” on Westinghouse to gain access to IP addresses, domains and network ports starting in November 2014.
In December 2014, the hackers registered a fake domain and website designed to mimic the company’s website and sent phishing emails to at least five employees. Once people clicked on the spoofed domain and provided their log-ins, they were rerouted to the original network.
On other occasions, according to the indictment, the conspirators also sent spear-phishing emails to the personal emails of employees at Westinghouse. Two account users clicked on the malicious links.
The indictment alleges that the seven defendants, all of whom are members of Russia’s military intelligence agency, sought to sow disinformation and create an influence campaign as retaliation for the exposure of a Russian state-sponsored athlete doping program.
One of the Russians is registered at an address in Moscow that has been identified by the U.S. government as a base of Russian military intelligence. Alexei Morenets is registered as living at a building on Moscow’s Komsomolsky Prospect — an address that is, according to the U.S. indictment, also home to Military Unit 26165, a unit of the GRU military intelligence service. His car also had Military Unit 26165 as a place of registration for several years in the mid-2000s.
Another of the seven, Alexei Minin, is registered as living at a building on Narodnogo Opolcheniya street in Moscow that is the legal address of the military academy run by the Russian Defense Ministry.
The U.S. Anti-Doping Agency and the World Anti-Doping Agency were among the hacking targets, as well sporting organizations including the Federation Internationle de Football Association (FIFA) and athletes whose medical records were stolen and later publicized.
Russia has denied meddling in the 2016 U.S. presidential election, contradicting a unanimous conclusion by all U.S. intelligence agencies.
All seven of the defendants are presumed to be in Russia, which does not have an extradition treaty with the United States. The indictment could make it hard for them to travel to other countries.
The hackers traveled to other countries to carry out hacking activities, sometimes with the use of diplomatic passports, prosecutors allege.
Such efforts, known as “on-site” or “close access” hacking operations, were carried out in cases where remote hacking from Russia did not provide “sufficient access” to networks.
One such trip, for instance, was Rio de Janeiro before and during the 2016 summer Olympic games.
Some of the stolen data were later published under the false auspices of a hacktivist group known as “Fancy Bears Hack Team.”
“Close access operations, like the ones exposed today, are reminders of the considerable resources available to nation states,” said John Hultquist, director of intelligence analysis at the cyber firm FireEye.
While the motive behind the hacks involving anti-doping groups and organizations probing Russian poisonings were more clear-cut, the decision to target Westinghouse was less apparent.
Justice Department officials declined to provide additional details on Thursday about the attacks on the company.
Efforts to penetrate its networks started in late 2014, some nine months after Ukraine’s pro-Russia President Viktor Yanukovych was removed from power during the Ukrainian Revolution.
This is not the first time Westinghouse has been a victim of a state-sponsored hack.
In May 2014, the Justice Department indicted five Chinese military hackers who targeted U.S.-based nuclear power, metals and solar sectors.
According to that indictment, Westinghouse had entered into a deal with a Chinese nuclear company to construct and run four nuclear power plants in China.
But during the talks, prosecutors say one of the defendants stole proprietary and confidential technical designs and other data from Westinghouse.