An attempt to run a Distributed Denial of Service (DDoS) attack on Tesla while also stealing sensitive information via malware was stopped before any destruction happened at the Tesla Gigafactory 1, Elon Musk has confirmed.
While this attack was obviously well financed and very focused, the team at Tesla thwarted the would-be attackers.
Russian Hackers In The News Again?
This attack was focused on Tesla’s Gigafactory Nevada, also known as Gigafactory 1. The threat actor, Egor Igorevich Kriuchkov, had a full conspiracy plan in place, almost like something out of a movie.
The breach attempt began with Egor contacting a Russian-speaking, non-US-citizen worker who was employed at the Gigafactory. This worker, whose name and identity are being withheld, has an undisclosed level of access to the computer network.
On July 16th, 2020, the hacker was in communication with the worker via WhatsApp and arranged an in-person meeting. The Tesla employee met the hacker and his associates sometime between August 1st and 3rd.
The ‘special project’ that Egor invited the worker to participate in would require them to take the malware into the factory and put it onto the network.
The plan was to launch a DDoS attack that would divert the company’s attention long enough to extract mission-critical corporate data.
What Was The Goal
Money – of course. And maybe some top secret spy shit but we are not completely certain on the second.
According to Teslarati, once infiltration was complete the aim was to extort a ‘substantial’ amount of money from Tesla and Elon Musk directly. Obviously the worker would have taken a hefty cut, but unfortunately for Kriuchkov and his associates, things changed quickly.
Employee loyalty turned this into a win-win situation for the electric car maker. The hacker’s efforts were put to rest when the worker chose to give up over $1 million in potential gains and ended up working with the Federal Bureau of Investigation (FBI) to apprehend the hacker.
How Did They Stop The Attack?
At the end of the day, the worker followed the rules.
On August 7th, in order to gain his trust, the attacker met with the worker to go over the plans and to partially pay upfront. The hacker then left, giving the worker a chance to think things over.
The Giga Nevada worker then went straight to the company, which in turn contacted the FBI, and worked with the new team to obtain as much information as possible. This proved very successful, since the hacker then confessed to a separate crime, against CWT Travel, for $4.5 million in ransom.
August 19th rolls around and the worker agrees to meet the hacker, wearing an FBI wire, and downloads a Tor Browser to facilitate the down payment via Bitcoin. Kriuchkov’s next step was to give the worker a cell phone on which they would talk with a co-conspirator who had the technical knowledge of how to execute the ‘project’.
On August 21st, the hacker and employee met again, and the hacker advised that the special project would be delayed and so would the payment. The hacker then told the employee he was leaving the area, provided the employee with a burner phone and told him to keep it on airplane mode until advised, via WhatsApp, to turn it on.
“Based upon the above facts and my training and experience, I believe the foregoing facts establish that probable cause exists to believe that Egor Igorevich Kriuchkov has committed the offense of Conspiracy to Intentionally Cause Damage to a Protected Computer.”
FBI Special Agent Michael J. Hughes
On August 22nd, Egor Igorevich Kriuchkov was arrested in Los Angeles while attempting to leave the country. The alleged hacker has been detained and is pending trial.