Menu
Browse

Cyber Threat Actor: Egor Igorevich Kriuchkov

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
Russia
1 incident
Profile

Egor IgorevichKriuchkov is a Russian national known by the alias Egor Igorevich Kriuchkov. He was identified in mid‑2020 as the individual behind a failed extortion scheme targeting Tesla’s Nevada Gigafactory. At the time of the incident he was 27 years old and residing in Russia. Kriuchkov attempted to recruit an employee of the facility to assist in deploying malicious software on Tesla’s internal network. The plot was uncovered by law enforcement before any malware could be installed.

The scheme aimed to obtain financial gain through extortion by threatening to leak data stolen from Tesla’s systems. Kriuchkov offered the recruited insider a payment of one million United States dollars after successful malware deployment, with the additional requirement that the insider help develop the malicious tool. To conceal the malware installation, the plan included a distributed denial‑of‑service attack intended to divert security teams’ attention. Initial access was to be achieved either via a USB drive carried by the insider or through a malicious email attachment. No specific malware family was named in the public reports, but the effort involved custom development rather than use of off‑the‑shelf tools.

Attribution to a Russian individual is based on Kriuchkov’s nationality and the location of his arrest in Los Angeles while he attempted to flee the United States. No public evidence links him to a state‑sponsored apparatus or to a larger criminal consortium; he acted as an independent actor in this case. The Tesla extortion attempt remains the only publicly documented operation attributed to him, representing a representative example of his activity. Following his arrest on August 22, 2020, Kriuchkov faced charges of conspiracy to damage a protected computer, with a potential sentence of up to five years imprisonment. The case illustrates how insider recruitment combined with financial incentives and diversionary tactics can be used in extortion‑oriented cyber operations.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source