The headquarters of Westinghouse Electric Co. LLC in Cranberry, Pa.
Westinghouse Electric Co. LLC, the developer of the nuclear reactor design Georgia utilities are attempting to construct for the first time in the U.S., was hacked by Russian military intelligence officers in 2014 and 2015, according to a grand jury indictment.
The charges, unveiled Oct. 4 by federal, state and Canadian law enforcement officials, were part of a broader slate of allegations against members of the Russian Main Intelligence Directorate, or GRU, related to their virtual intrusions at sporting and intergovernmental organizations.
It is the second time in four years that Westinghouse, a Pennsylvania-headquartered company that designs and services nuclear reactors, has been named by the U.S. Justice Department as the target of state-sponsored cybercrime. In 2014, federal officials revealed that Chinese military hackers directed offenses at Westinghouse, along with other companies in the solar and steel industries.
Westinghouse is the architect of the AP1000 reactor design found at several nuclear facilities around the world. The company, which struggled with cost overruns and schedule delays at projects in South Carolina and Georgia, declared bankruptcy in March 2017.
The V.C. Summer expansion in South Carolina was scrapped in July 2017, while its sister venture in Georgia, Vogtle, continues to be built despite rising expenses. Across the Pacific Ocean, however, a Chinese nuclear plant in September saw the first successful startup of an AP1000 reactor, touted by Vogtle's owners as a reason why their project should be completed.
In January, Brookfield Business Partners LP announced it would acquire Westinghouse from Toshiba Corp. for $4.6 billion. That transaction closed in August.
The seven Russian defendants were charged with computer hacking, wire fraud, aggravated identity theft and money laundering. Westinghouse and the other entities were selected "for their strategic interest to the Russian government," the indictment says, which noted that Westinghouse since 2008 has supplied Ukraine with increasing amounts of nuclear fuel.
Russia annexed Ukraine's Crimean peninsula in 2014, and Russian troops and Ukrainian separatists continue to occupy that region. The countries have been in a number of disputes over natural gas for over a decade, and Russian hackers are suspected to be responsible for mass power outages in Ukraine during 2015 and 2016.
According to the indictment, filed in the U.S. District Court for the Western District of Pennsylvania, as early as November 2014 a GRU officer performed technical reconnaissance of Westinghouse and its associated online infrastructure. A month later, the officer researched Westinghouse employees involved in nuclear research and development.
The officer and others then set up a fake Westinghouse email website that mimicked the company's real portal, along with sending spearphishing emails to Westinghouse employees. When those staffers logged on or clicked on fraudulent links, their credentials were stolen and saved by the GRU. This hacking also occurred in January and November 2015, affecting employees involved in advanced nuclear reactor development, according to the indictment.
Westinghouse spokeswoman Sarah Cassella confirmed these cyber intrusions but said the company has found "no evidence" that the GRU efforts to breach Westinghouse systems were successful.
"The safety and security of our systems and information is a top priority, and we maintain robust processes and procedures to protect against cybersecurity threats," Cassella said. "We are cooperating with the Department of Justice regarding this matter, but are unable to comment regarding the specifics of the case as it is an ongoing investigation."
According to the DOJ, Ivan Sergeyevich Yermakov, the GRU officer who hacked Westinghouse, is also one of the defendants charged in the special counsel's investigation of Russian interference in the 2016 U.S. presidential election.