Cyber Incident Victim: Tesla
Date: Jul 2020
Location: United States of America
Summary
A Russian national attempted to recruit an employee at Tesla's Nevada facility to deploy malware via USB or email, aiming to extort the company by threatening to leak stolen data. The conspirator offered $1 million for the insider's assistance in developing and planting the malicious software; the plan also included a disruptive DDoS attack to mask the malware installation. The plot was thwarted by law enforcement, leading to the individual's arrest as he prepared to flee the country.
Description
In July 2020, Russian national Egor Igorevich Kriuchkov, aged 27, attempted to recruit an employee at Tesla’s Nevada Gigafactory as part of a conspiracy to extort the company. Kriuchkov offered the employee $1,000,000 to deploy malware on Tesla’s internal network, either via a USB drive or a malicious email attachment. The malware was intended to exfiltrate sensitive company data, which would then be used to ransom Tesla under threat of public disclosure. Kriuchkov also required the employee’s assistance in developing the malware. The plan included coordinating a distributed denial-of-service (DDoS) attack to divert attention during the malware deployment. The FBI uncovered the scheme through communications between Kriuchkov and the targeted employee, who alerted authorities. On August 22, 2020, Kriuchkov was arrested by the FBI in Los Angeles while attempting to flee the United States with a pre-purchased airline ticket. Tesla CEO Elon Musk later publicly confirmed the recruitment attempt via Twitter, corroborating the FBI’s findings.

The incident did not progress beyond the recruitment phase, as the employee’s cooperation with law enforcement prevented malware deployment or data theft. Kriuchkov was charged with conspiracy to intentionally cause damage to a protected computer, carrying a maximum penalty of five years in prison. The FBI’s intervention neutralized the threat before operational systems at the Gigafactory or Tesla’s broader network were compromised. Court documents revealed the plot’s international dimensions, including Kriuchkov’s travel to the U.S. to facilitate the scheme. No additional accomplices were named in the initial charges, and Tesla did not report financial losses or data breaches resulting from the attempt. The case underscored the persistent risk of insider threats coordinated by external actors targeting critical infrastructure. Legal proceedings against Kriuchkov went forward following his arrest, with no evidence suggesting successful data exfiltration or ransomware payments.
