SecurityWeek

U.S. Charges Russian Intelligence Officers for NotPetya, Industroyer Attacks

The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted in recent years.

The defendants are Yuriy Sergeyevich Andrienko, aged 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.

They have all been charged with damaging protected computers, conspiracy to conduct computer fraud and abuse, wire fraud, conspiracy to commit wire fraud, and aggravated identity theft.

The men are said to be officers of Russia’s GRU military intelligence agency, which has long been known to conduct hacking operations on behalf of Moscow. Specifically, they are alleged to belong to the group tracked as Sandworm, which is also known as Telebots, Iron Viking and Voodoo Bear.

Sandworm is believed to be behind many high-profile attacks launched in recent years. The indictment mentions attacks on Ukraine, including the destructive operations aimed at the country’s power grid in 2015 and 2016, which used the malware families known as BlackEnergy and Industroyer.

The group has also been linked to the NotPetya attack, which involved a wiper disguised as ransomware and which cost many companies millions of dollars. This attack was attributed to Russia by several governments in 2018.

The indictment also mentions the operation targeting elections in France in 2017, which involved data leaks. The hackers are also said to have targeted the PyeongChang Winter Olympics with the Olympic Destroyer malware, as well as Georgian companies and government organizations. For the attacks on Georgia, the US and the UK officially blamed Russia earlier this year.

John Hultquist, senior director of analysis at FireEye’s Mandiant Threat Intelligence, pointed out that while it’s not mentioned in the indictment, Sandworm was also involved in operations aimed at the 2016 presidential elections in the United States.


“This actor’s involvement in election interference in France is especially important as we near the end of elections in the US. One possible scenario we are anticipating is a very late game hack and leak operation, such as the one that was carried out in France. This incident is a reminder that dramatic late game operations are possible in the eleventh hour. Additionally, leaked information included fabricated materials, a reminder that actors may mix legitimate, stolen materials with items they have fabricated themselves,” Hultquist told SecurityWeek.

The Justice Department claims the defendants were involved in developing malware and malware components, preparing and conducting spear-phishing campaigns, and conducting reconnaissance.

The suspects are all at large and have been added by the FBI to its Cyber’s Most Wanted list. If convicted, they could be sentenced to lengthy prison terms.

Russian hackers charged

“For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyber-attacks in history,” said Scott Brady, U.S. Attorney for the Western District of Pennsylvania. “The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.”

U.S. authorities have credited several companies in the private sector for their assistance in the Sandworm investigation, including Google, Cisco Talos, Facebook and Twitter.

Related: U.S. Government Indicts Two Russian FSB Officers Over Yahoo Hack

Related: 12 Russian Intelligence Officers Indicted for Hacking U.S. Democrats

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
