Tom’s Hardware
Nathaniel Mott

US offers $10M reward for snitching on trio of Russians that hacked critical infrastructure


A trio of Russian hackers is probably about to find out who their friends really are. The U.S. Department of State announced a $10 million bounty for information about the hackers, who "conducted malicious cyber activities against U.S. critical infrastructure on behalf of the Russian government," via its Rewards for Justice program.

The alleged hackers are Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov. The State Department said in the X post announcing the bounty that the trio are officers in Russia's Federal Security Service (FSB) who "targeted more than 500 foreign energy companies in 135 other countries."

The U.S. Department of Justice unsealed indictments related to these hackers in 2022. In a press release, the department said that "between May and September 2017, the defendant and co-conspirators hacked the systems of a foreign refinery and installed malware [...] to prevent the refinery’s safety systems from functioning (i.e., by causing the [industrial control system] to operate in an unsafe manner while appearing to be operating normally), granting the defendant and his co-conspirators the ability to cause damage to the refinery, injury to anyone nearby, and economic harm."

The Register reported that Tyukov, Gavrilov, and Akulov's unit has been exploiting a vulnerability in Cisco equipment involving "the Smart Install feature of Cisco IOS and IOS XE software, a CVSS 9.8 flaw, and one that many end-of-life-kit can't patch." That vulnerability, which has been exploited by other groups, is tracked as CVE-2018-0171.

See the "2018" in that identifier? That's not a random ID—it means the vulnerability was publicly disclosed seven years ago. Cisco released a patch that same year, so even if organizations are using old hardware that couldn't be updated to the new software, they've had nearly a decade to purchase new equipment unaffected by this flaw.

The State Department's post on X provided additional details about how to submit information about Tyukov, Gavrilov, and Akulov via Tor. Similar bounties—some related to "malicious cyber activity," others related to kidnapping, terrorism, and a blanket "North Korea" category—can be found on the Rewards for Justice website.
