Russian Nationals Linked to Critical Infrastructure Hacks Face $10M US Bounty

The Register’s Iain Thomson reports that the US State Department has announced a $10 million reward for information leading to the capture of three Russian nationals accused of conducting cyberattacks on critical infrastructure systems worldwide.

The men, allegedly tied to Russia’s Federal Security Service (FSB), are said to have exploited outdated Cisco networking equipment to infiltrate energy firms, nuclear plants, and utility operators.

Authorities claim the operations compromised devices used in essential sectors across more than 135 countries, raising concerns about the persistent vulnerabilities in aging network infrastructure.

According to prosecutors, the suspects, Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulovof, were part of FSB Center 16, also known as “Berserk Bear” or “Dragonfly.”

Beginning around 2012, they reportedly launched campaigns targeting over 3,300 individuals at 500 organizations globally.

Investigators allege that they exploited a flaw in Cisco’s Smart Install feature (CVE-2018-0171), a critical CVSS 9.8 vulnerability, to compromise thousands of unpatched devices.

Some of these campaigns allegedly reached sensitive sites, including the Wolf Creek nuclear power plant in Kansas, where credential-harvesting malware was reportedly discovered after FBI intervention.

The State Department’s announcement comes even though many of the alleged activities date back several years, and the suspects are believed to remain in Russia, outside the reach of US law enforcement.

Cisco has not commented on the situation. Authorities have not clarified why the bounty was issued at this time.

The announcement reflects the enduring jurisdictional and evidentiary hurdles in prosecuting state-linked cyber actors. It highlights the risks associated with legacy technology in regulated industries and the complexities of cross-border enforcement.