Cyber Incident Victim: Westinghouse Electric Company
Date: Nov 2014
Location: United States of America
Summary
Russian GRU officers conducted a cyber espionage campaign targeting entities of strategic interest to the Russian government, including Westinghouse Electric Company. The attackers performed network reconnaissance, created fraudulent domains mimicking the organization, and deployed spearphishing emails to compromise employee credentials. This activity formed part of a broader pattern of operations involving Wi-Fi network exploitation, data theft from international anti-doping agencies, and influence campaigns through fabricated hacktivist personas. The conspiracy aimed to harvest sensitive information and undermine organizations opposing Russian state interests, utilizing compromised credentials, stolen medical records, and altered documents to support disinformation efforts targeting global institutions.
Description
The indictment unsealed on October 4, 2018, by the U.S. Department of Justice revealed that Westinghouse Electric Company (WEC), headquartered in Pennsylvania’s Western District, was among the entities targeted by Russian military intelligence (GRU) officers as part of a broader cyber-espionage campaign. Beginning as early as November 20, 2014, defendant Ivan Sergeyevich Yermakov conducted reconnaissance activities focused on Westinghouse’s networks and personnel. This reconnaissance phase involved identifying potential entry points and gathering intelligence on employees’ digital footprints. In subsequent months, Yermakov collaborated with unnamed conspirators to create a fraudulent domain mimicking Westinghouse’s legitimate infrastructure, a tactic designed to deceive employees into divulging credentials. Spearphishing emails were then deployed to both work and personal email accounts of Westinghouse employees, crafted to harvest login credentials that could facilitate unauthorized network access. These activities aligned with the GRU’s pattern of targeting organizations deemed strategically significant to the Russian government, though the indictment did not specify whether the spearphishing attempts against Westinghouse resulted in successful network compromises or data exfiltration.

The broader conspiracy involved seven GRU officers from Military Units 26165 and 74455, who employed a combination of remote hacking and close-access operations across multiple continents. While Westinghouse was not subjected to the physical close-access deployments described in operations targeting anti-doping agencies in Rio de Janeiro or Switzerland, its inclusion underscored the GRU’s interest in critical energy sector entities. U.S. Attorney General Jeff Sessions explicitly cited Westinghouse as a victim during the indictment’s announcement, emphasizing the campaign’s threat to American corporate and national security interests. The legal response included charges of conspiracy to commit computer fraud, wire fraud, money laundering, and aggravated identity theft against the defendants, with potential maximum sentences ranging from 5 to 20 years per count. The indictment documented the GRU’s operational infrastructure, including spoofed domains, fictitious online personas, and compromised Wi-Fi networks, but did not attribute specific downstream impacts—such as data leaks or financial losses—directly to the Westinghouse targeting. The case highlighted the persistent threat of state-sponsored cyber operations against private-sector entities and marked one of the first public attributions linking GRU personnel to attempted intrusions against U.S. industrial targets.
