Tesla Gigafactory worker in Nevada targeted by Russian in failed ransomware attack

“A worker in Gigafactory Nevada ended up turning down a $1 million incentive, working closely with the FBI, and thwarting a planned cybersecurity attack against the electric car maker.” — Tesla blog post

Billionaire entrepreneur and Tesla CEO Elon Musk on Friday disclosed details that prosecutors hadn’t, involving “a 27-year-old Russian, an insider at an unnamed corporation and an alleged million-dollar payment offered to help trigger a ransomware extortion attack on the firm,” AP reports — “the scheme took aim at the electric car company’s 1.9 million-square-foot factory in Sparks, Nevada, which makes batteries for Tesla vehicles and energy storage units.”

Here is the criminal complaint filed by the FBI Las Vegas Field Office on August 25, 2020.

“This was a serious attack,” Musk tweeted Thursday night, following publication of a Tesla blog post that detailed the attack. From the Teslarati post, “Tesla employee foregoes $1M payment, works with FBI to thwart cybersecurity attack” —

This Tuesday, the Department of Justice announced the arrest of Egor Igorevich Kriuchkov, a Russian citizen accused of conspiring to breach the network of a US company and introduce malware to compromise the said company’s networks. Media reports about the incident have identified the US company to be electric car maker Tesla. Interestingly enough, a criminal complaint filed by the FBI Las Vegas Field Office suggests that the attempted cybersecurity attack is no ordinary hacking attempt — it may very well be part of a well-financed, organized scheme.

The remarkable story began when a Russian-speaking, non-US citizen working at Tesla’s Gigafactory Nevada was contacted by Kriuchkov. The employee, whose identity has not been revealed, has access to the electric car maker’s computer networks. On July 16, the Russian citizen contacted the Giga Nevada employee through WhatsApp asking to meet with him in Sparks, Nevada. As noted in a report from Clearance Jobs, the fact that Kriuchkov approached a Russian-speaking, non-US citizen working at Gigafactory Nevada suggests that the team behind the cyberattack attempt has done their research well. 

And more about the attempted payout, again from the Associated Press:

Reaching out to the unnamed worker via WhatsApp in July, Kriuchkov allegedly flew to the United States with a Russian passport on a tourist visa and sought to entice the worker to betray Tesla. Kriuchkov allegedly took the worker, who he’d first met in 2016, on a road trip to Lake Tahoe before offering the person $1 million to plant malware on computer systems at “Victim Company A.” Kriuchkov floated the scheme at a Reno area bar on Aug. 3 after the two drank heavily until last call, the complaint says.

But the plant worker informed Tesla, which contacted the FBI and won the employee’s cooperation. In subsequent meetings monitored and recorded by federal agents, Kriuchkov laid out a scheme to have the worker infect Tesla computers with a program that would steal valuable data before scrambling plant systems with ransomware, according to the complaint.

Kriuchkov was quoted as saying the inside job would be camouflaged with a distributed denial of service attack on plant computers from outside. Such attacks overwhelm servers with junk traffic. If Tesla didn’t pay, the purloined data would be dumped on the open internet.

The complaint says Kriuchkov told the Tesla worker that his organization had executed similar “special projects” on other companies on multiple occasions, with one victim supposedly surrendering a $4 million ransom payment. According to the complaint, Kriuchkov added that his organization employed sophisticated encryption that would mask the Tesla worker’s participation and mentioned that one hacker in his group was a high-level employee of a government bank in Russia.

More: Tesla targeted in failed ransomware extortion scheme