US offers $10M reward for snitching on trio of Russians that hacked critical infrastructure

News
By published

Is there honor amongst state-backed hackers?

100 dollar bill and 5,000 ruble bill on a map
(Image credit: Shutterstock)

A trio of Russian hackers is probably about to find out who their friends really are. The U.S. Department of State announced a $10 million bounty for information about the hackers, who "conducted malicious cyber activities against U.S. critical infrastructure on behalf of the Russian government," via its Rewards for Justice program.

The alleged hackers are Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulovof. The State Department said in the X post announcing the bounty that the trio are officers in Russia's Federal Security Service (FSB) who "targeted more than 500 foreign energy companies in 135 other countries."

The U.S. Department of Justice unsealed indictments related to these hackers in 2022. In a press release, the department said that "between May and September 2017, the defendant and co-conspirators hacked the systems of a foreign refinery and installed malware [...] to prevent the refinery’s safety systems from functioning (i.e., by causing the [industrial control system] to operate in an unsafe manner while appearing to be operating normally), granting the defendant and his co-conspirators the ability to cause damage to the refinery, injury to anyone nearby, and economic harm."

See the "2018" in that identifier? That's not a random ID—it means the vulnerability was publicly disclosed seven years ago. Cisco released a patch that same year, so even if organizations are using old hardware that couldn't be updated to the new software, they've had nearly a decade to purchase new equipment unaffected by this flaw.

The State Department's post on X provided additional details about how to submit information about Tyukov, Gavrilov, and Akulovof via Tor. Similar bounties—some related to "malicious cyber activity," others related to kidnapping, terrorism, and a blanket "North Korea" category—can be found on the Rewards for Justice website.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

12 Comments Comment from the forums
  • S58_is_the_goat
    They'll be found within days with a bounty that high 😂
    Reply
  • chaz_music
    I believe governments and global agencies like Interpol should start assisting those victimized by hacking and data encryption, and instead of paying the hackers demands and data ransom amounts, just pay a bounty for their arrests. Additionally for a real solution, pay mercenaries to bring them to court in the affected countries.
    Reply
  • baboma
    >I believe governments and global agencies like Interpol should start assisting those victimized by hacking and data encryption,

    I believe in world peace, and US as leader of the free world, but then I woke up.

    >and instead of paying the hackers demands and data ransom amounts, just pay a bounty for their arrests.

    The reason businesses pay is because they can't afford to wait for "justice," when or if that ever happens.

    >Additionally for a real solution, pay mercenaries to bring them to court in the effected countries.

    I think you've been watching too many movies. What mercenaries do you have in mind that will airdrop into Russia or North Korea, locate bad guys, conduct capture, and exfiltrate them to another country? Constellis Holdings, or maybe Amentum?

    I'm starting to warm to the idea that having bots to replace humans would not be such a great loss.
    Reply
  • nrdwka
    Would be interesting to know why updates was not installed.

    I would guess, all IT was externalized to save some $$$ and that service also tried to save some $ by reducing time per client 🤔
    Reply
  • yahrightthere
    baboma said:
    I'm starting to warm to the idea that having bots to replace humans would not be such a great loss.
    And may you be the first!
    Reply
  • baboma
    >And may you be the first!

    OK let me prep my bot replacement!

    AI, provide a good snarky retort to this: "I'm starting to warm to the idea that having bots to replace humans would not be such a great loss."
    https://perplexity.ai/search/provide-a-good-snarky-retort-t-864tDkesRD6IdVRWis254w
    Reply
  • COLGeek
    Now, now, lets not train AI/bots to be more pointless by using to creatively insult others, please.

    Civility is required by all, including AI/bots, at all times. Thank you. <beep, boop, beep>
    Reply
  • blppt
    They should just offer a box of water cooled 5090s.
    Reply
  • Notton
    There's usually a disclaimer in fine-print at the bottom of these FBI bounties to the tune of "You'll get paid only if the FBI can physically arrest, detain, and convict".
    In layman's terms, for you efforts you won't see a cent of the reward for a decade, if at all.
    Reply
  • GustavoVanni
    So how much of that jackpot do I get if I just hand over some random Russian crooks’ names?
    I’ll kick off with Ivan Petrov, Dmitri Sokolov, and… oh, I don’t know… Yury or Sergei Something-zynski. You know… the usual suspects.
    (P.S.: Okay, okay, bad joke, sorry. I’m not a xenophobe (at least not with the russians). I actually love Russians — especially the vodka. Unlike certain people in certain governments who still think they run the world.)
    Reply