Tesla Hacker is arrested; planned to extort the company in complicity with an employee

The U.S. Department of Justice (DOJ) has revealed that Russian citizen Egor Igorevich Kriuchkov pleaded guilty to operating a fraudulent scheme in collaboration with a Tesla employee to install malware at one of the company’s plants and steal confidential information. According to the report, threat actors planned to extort the automotive company’s executives, demanding a ransom not to publish the information.

The defendant also acknowledged involvement in other similar malicious campaigns in which he made about $4 million USD in illegal profits. Kriuchkov explained that the operators of these campaigns have been deploying these attacks for considerable time, analysing all potential victims in detail.

On the other hand, the cybercriminal mentioned to the Tesla employee who participated in this attempted fraud that the group would launch a denial of service (DoS) attack to divert attention from the real malware infection. The employee would also have collaborated on the process of developing this malware.

Tesla CEO Elon Musk confirmed through his Twitter account that Kriuchkov was trying to recruit a Tesla employee to help him with his extortion plan.

The defendant was arrested in August 2020 after receiving a phone call from an agent of the Federal Bureau of Investigation (FBI). Weeks later, Kriuchkov was charged with conspiracy to commit international fraud and access to a protected computer system, facing a sentence of up to five years in prison and a $250,000 USD fine.

Nicholas McQuaid, assistant justice secretary, says: “The prompt response from the company’s security authorities and teams allowed the attack to be contained and those responsible arrested.” The defendant is still awaiting his sentence, although sources close to the DOJ say Kriuchkov would be negotiating a sentence of ten months in prison and three years of probation.

To learn more about information security risks, malware variants, vulnerabilities and informatio technologies, feel free to access the International Institute of Cyber Security (IICS) websites.