Tesla CEO Elon Musk said the thwarted malware strike on the company “serious.”
The FBI arrested a 27-year-old Russian for allegedly offering a Tesla employee $1 million to help him launch a malware attack on the automaker.
The thwarted plan appears to have been a ransomware attack aimed at hacking into, and then taking control of, Tesla’s computer network, triggering a demand for payment before the hackers would have returned control of the system to the automaker. While such cyberattacks can target individual computer users, recent months have seen hackers increasingly take aim at larger corporations that can afford large payments. Tech firm Garmin reportedly paid millions this month to end a malware attack.
The U.S. Department of Justice issued a statement announcing it had prevented the planned attack. Though it did not name the corporate target, an initial report by website Teslarati was subsequently confirmed by Tesla CEO Elon Musk who said in a tweet, “This was a serious attack.”
(Tesla CEO Musk hints of big battery breakthrough.)
The Justice Department statement indicated 27-year-old Egor Igorevich Kriuchkov approached an unnamed Tesla employee, offering the person $1 million to introduce malware into the company’s computer system. Instead, the employee informed authorities who stepped in, prevented the attack and made an arrest.
The FBI averted a planned malware attack on EV maker Tesla, CEO Elon Musk confirmed via Twitter.
The fact that the complaint against Kriuchkov was filed by the FBI’s Las Vegas field office – and that the suspect met with the Tesla employee in Reno – appears to suggest that the employee may have worked at Tesla’s Gigafactory battery plant located in that city, rather than at its corporate offices in California.
The FBI’s statement outlined a meeting that took place between the alleged Russian hacker and the Tesla employee, identified as “CHS1,” or “confidential human source 1,” on Aug. 7. In it, Kriuchkov discusses the strategy – which was meant to initially fool Tesla’s in-house security team into believing it had failed. He tried to calm the Tesla employee’s concerns about being caught, claiming “the group could attribute the attack to another person at Victim Company A, should there be ‘someone in mind CHS1 wants to teach a lesson.’”
Kriuchkov, the FBI statement added, also was “sympathetic” to the Tesla employee’s request to increase his initially offered fee to $1 million.
The Russian indicated he would return to Reno for a follow-up meeting on Aug. 17.
(Tesla pushing for FCC approval on sensor for child detection system.)
Who Kriuchkov might have represented was not disclosed and it is unclear the FBI has learned that detail. During the Aug. 7 meeting, however, the Russian allegedly indicated his “group” had already made similar deals with employees at other companies targeted by its malware.
The employees who alerted the FBI to the planned cyberattack against Tesla may have worked at the company’s Gigafactory near Reno, Nevada.
The alleged plot appears to have been unusual in having a member of a hacker group – or someone it hired on a freelance basis – meet personally with someone from a company being targeted.
“One of the benefits of cybercrime is criminals don’t have to expose themselves to unnecessary risk by conducting business in person. Flying into U.S. jurisdiction to have malware manually installed on a company’s network is absolutely insane,” former cyberhacker Marcus Hutchins said in a Twitter post.
Musk did not elaborate on his initial tweet and Tesla has not yet responded to a request for comment.
Cybercrime has become an increasingly serious threat for businesses, large and small. One common form of attack allows hackers to obtain data, such as credit card and Social Security numbers, for customers or employees. But ransomware attacks are becoming increasingly frequent, according to authorities.
(Tesla announced 5-for-1 stock split; shares rise again.)
In 2019, such attacks generated at least $7.5 billion in payments from victims in the U.S. alone, according to Emsisoft, an anti-malware company.