The US Department of Justice has indicted six Russian intelligence officers for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the infamous NotPetya ransomware attack.

The indictment suggests that all six individuals, thought to be part of the elite Russian hacking group known as “Sandworm”, are part of the Russian Main Intelligence Directorate, known as the GRU.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.

The US charged Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32.

They are all charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.

The hacking activities they were indicted for include:

Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;

French Elections: April and May 2017 spearphishing campaigns and associated hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections;

Worldwide Businesses and Critical Infrastructure (NotPetya): June 27, 2017 destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;

PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials;

PyeongChang Winter Olympics IT Systems (Olympic Destroyer): December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer;

Novichok Poisoning Investigations: April 2018 spearphishing campaigns targeting inquiries by the Organization for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens; and

Georgian Companies and Government Entities: a 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and an extensive website defacement campaign in 2019.
