A Close Call for Tesla, Russian Operative Charged with Federal Conspiracy

Posted on by Dawna M. Roberts in News April 01, 2021
Table of Contents

 A Russian hacker targeted Tesla car company and had planned to install malware into their network. His plan was to extort millions from the high-end car manufacturer. 

What Happened

On Thursday, the U.S. Department of Justice charged Egor Igorevich Kriuchkov (27) with federal conspiracy. The FBI caught Kriuchkov before he executed his plan. The Russian national was indicted by a federal grand jury this past September and will be sentenced in May.

His plan was to install malware into Tesla’s computer network and then extort millions from them. The charge of conspiracy carries a maximum of 5-years in prison along with a fine of $250,000. Kriuchkov pleaded guilty, and as part of his plea agreement, he should only serve between four to ten months in prison and then probation for another three years.

According to Data Breach Today, “Kriuchkov admitted to traveling from Russia to the U.S. in 2020 in an attempt to entice Tesla employees to plant malware, which could exfiltrate data, in the company’s network. According to the Justice Department, he planned to threaten to release the data to the public unless the company paid a $4 million ransom.

In court papers, the company that Kriuchkov and co-conspirators planned to extort is referred to as the “Victim Company,” but Tesla CEO Elon Musk revealed at the time the FBI uncovered the scheme that his firm was the intended target. He also called the case a serious attempt to steal corporate data.”

Kriuchkov had previously denied any wrongdoing, but last Thursday finally pleaded guilty to conspiracy. Unfortunately, there is no direct comment from Kriuchkov or his attorney at this time.

At the time, Elon Musk, CEO of Tesla, commented on Twitter, “This was a serious attack.”

The Acting U.S. Attorney General for the District of Nevada, Christopher Chiou, said: “This case highlights our office’s commitment to protecting trade secrets and other confidential information belonging to U.S. businesses — which is becoming even more important each day as Nevada evolves into a center for technological innovation.” The Hacker News scooped that tidbit along with “Along with our law enforcement partners, we will continue to prioritize stopping cybercriminals from harming American companies and consumers.”

The Larger Plan

Kriuchkov told the U.S. Department of Justice that he was not working alone. His accomplices are unnamed at this time, but between July and August 2020, they attempted to bribe a Tesla employee to plant malware in its network and then copy data and hold it for ransom.

Data Breach Today expanded on the plan with “In August 2020, Kriuchkov traveled to California and Nevada in an attempt to locate an employee who would accept payment in bitcoin as part of the scheme, prosecutors say. One of the company’s employees that Kriuchkov approached worked at Tesla’s Gigafactory, which is located near Reno, Nevada. That employee later reported the bribery and extortion scheme to the FBI.”

In court documents regarding the case, Kriuchkov and his cohorts had planned to use customized malware to infect the Tesla network. They had plans to pay a developer $250,000 for this custom code. The code was expected to exfiltrate data and execute a distributed denial-of-service attack (DDoS) to obfuscate the attack. They were planning on encrypting the data and demanding a $4 million ransom to unlock the network. Reports claim that $2 million of that money was earmarked for the gang’s boss, another $1 million would go to the insider (Tesla employee they bribed to infect the system), and the rest would be split among the other members. Unfortunately, it is not clear where Kriuchkov falls in the chain of command and whether he is the big boss or just an underling.

The malware would take six to eight hours to do its job fully. Kriuchkov also coerced the compliant Tesla employee to download a Tor browser application so that he could connect anonymously to the network and had him or her set up a bitcoin wallet account.

As it turns out, the Russian-speaking Tesla employee turned on Kriuchkov and reported the caper to the FBI and then became a confidential informant for the bureau to help bring the perpetrators to justice.

Table of Contents
About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

Scan Your Records for Breaches, Leaks & Exposures!