The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses.
The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the “most disruptive and destructive series of computer attacks ever attributed to a single group,” according to the Justice Department (DoJ).
All the six men — Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin — have been charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
“The object of the conspiracy was to deploy destructive malware and take other disruptive actions, for the strategic benefit of Russia, through unauthorized access (‘hacking’) of victim computers,” the prosecutors said.
“In furtherance of the conspiracy, Andrienko, Detistov, Frolov, Kovalev, Ochichenko, Pliskin, and others known and unknown to the grand jury procured, maintained, and utilized servers, email accounts, malicious mobile applications, and related hacking infrastructure to engage in spear-phishing campaigns and other network intrusion methods against computers used by the victims.”
Five years ago, Russian hackers belonging to Sandworm (aka APT28, Telebots, Voodoo Bear or Iron Viking) group attacked Ukraine’s power grid, Ministry of Finance, and State Treasury Service using malware such as BlackEnergy, Industroyer, and KillDisk, before embarking on a spree of destructive cyberattacks — including unleashing NotPetya in 2017 and targeting the Pyeongchang Winter Olympics with phishing campaigns and “Olympic Destroyer” malware.
The six individuals have been accused of developing components for NotPetya, Olympic Destroyer, KillDisk malware, as well as preparing spear-phishing campaigns directed against the 2018 PyeongChang Winter Olympic Games, resulting in damage and disruption to computer networks across France, Georgia, the Netherlands, Republic of Korea, Ukraine, the UK, and the US.
“For example, the NotPetya malware impaired Heritage Valley’s provision of critical medical services to citizens of the Western District of Pennsylvania through its two hospitals, 60 offices, and 18 community satellite facilities,” the DoJ said. “The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records.”
“Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety,” it added.
The total damages brought about by NotPetya is pegged to more than $10 billion to date, crippling several multinational companies like Maersk, Merck, FedEx’s TNT Express, Saint-Gobain, Mondelēz, and Reckitt Benckiser.
In a similar development, the UK government also formally accused the GRU of perpetrating cyber reconnaissance against officials and organizations at the 2020 Tokyo Olympic and Paralympic Games earlier this summer before they were postponed next year due to COVID-19.
This is not the first time GRU has come under the DoJ scanner. Two years back, the US government charged seven officers working for the military intelligence agency for conducting sophisticated computer intrusions against US entities as part of an influence and disinformation campaign designed to counter anti-doping efforts.