Russian hacker who targeted global oil, gas facilities pleads guilty

Prefer on Google by Lucy Pakhnyuk Computer code is displayed over an image of the Kremlin in this illustration representing Russian cyber activity. (Anton Petrus / Getty Images) A Russian hacker accused of damaging critical oil and gas infrastructure in multiple countries has agreed to plead guilty in a U.S. federal case that could carry a sentence of up to 27 years in prison, Bloomberg reported May 1. Artem Vladimirovich Revenskii, also known as "Digit," was charged last month with conspiracy to cause damage to protected computers, wire fraud, and identity theft. He reached a plea agreement with federal prosecutors in California on April 30 that includes a recommendation for a reduced sentence. Prosecutors allege Revenskii was part of a Russian government-sponsored hacking group known as Sector 16, which targeted countries "perceived to be enemies of the Russian government," according to federal court filings cited by Bloomberg . Authorities say the group infiltrated and damaged industrial systems tied to oil and gas operations in the U.S., Ukraine, Germany, France, and Latvia . Revenskii, who primarily lived in Russia , was taken into U.S. custody on Nov. 2, 2025, after being arrested in the Dominican Republic and flown to New Jersey. Court filings describe a series of alleged plots by Sector 16, including plans to sabotage infrastructure in Ukraine. Prosecutors say the group sought to disrupt gas stations in Kyiv and disable the country's electric grid. In one exchange cited by authorities, Revenskii told a co-conspirator about plans to shut off electricity across Ukraine for three days, though it remains unclear whether that effort succeeded. In September 2025, Sector 16 hackers accessed a natural gas facility in Poltava , Ukraine, prosecutors said. Messages reviewed by investigators show Revenskii discussing plans to cause physical damage by attacking hardware, deforming pipelines, and overloading ventilation and gas extraction equipment. Sector 16 first gained public attention in 2025 after claiming on the dark web that it had attacked an oil company in Texas . According to the U.S. Department of Justice, "the novice-level pro-Russia hacking group first emerged in public in January 2025, when it posted a video with Russian hacktivist group Z-Pentest (also known as Cyber Army of Russia Reborn, or CARR), showing their cyber intrusion of ... oil pumps and storage tanks in Texas." Russian-linked hacking groups have conducted cyber operations for decades, often focusing on financially motivated attacks such as ransomware. Since the full-scale invasion of Ukraine , however, those activities have increasingly shifted toward more disruptive and destructive operations aimed at advancing Russia's geopolitical interests.