By Chris Bonatti, President of IECA, Casper, WY
A Russian national named Egor Igorevich Kriuchkov traveled to the US in an attempt to subvert and bribe an employee at Tesla Corporation to install malware at the company’s Nevada Gigafactory.
Kriuchkov agreed to pay this employee one million dollars to plant the malware on Tesla’s internal network, but the employee instead reported the offer to Tesla, which brought in the FBI. They worked together to build an airtight case and set up a sting that included covertly recording face-to-face meetings.
The conspiracy aimed to use the malware to exfiltrate data from the company’s network, and then threaten to disclose the data online unless the company paid the conspirators a ransom. The malware was to be custom-developed to propagate through the company’s network. For it to work, the group said it needed the employee to provide information about the employer’s network authorizations and network procedures.
Kriuchkov said the malware would be transmitted either by inserting a USB drive into a company computer or by clicking on an email attachment containing malware, and that the infecting computer would have to run continuously for 6-8 hours for the malware to fully penetrate the network. To distract network personnel, a first stage of the malware would perform a denial of service attack, while a second stage performed the data exfiltration. The pattern of this planned attack would certainly be familiar to anybody who’s served on a cyber incident response team.
Kriuchkov also listed prior companies that this group had targeted, and said that each of these companies had an employee who had installed malware on behalf of the group. He claimed the oldest project the group had worked on took place three and a half years ago.
This is a little bit sobering, and should serve as a reminder to companies to beware of insider threats. Money is a time-honored motivator to turn just about anyone.