U.S. Charges Russian Intelligence Officers for NotPetya, Industroyer Attacks

The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted in recent years.

The defendants are Yuriy Sergeyevich Andrienko, aged 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.

They have all been charged with damaging protected computers, conspiracy to conduct computer fraud and abuse, wire fraud, conspiracy to commit wire fraud, and aggravated identity theft.

The men are said to be members of Russia’s GRU military intelligence agency, which has long been known to conduct hacking operations on behalf of Moscow. Specifically, the suspects are said to be part of a group named Sandworm, which is also known as Telebots, Iron Viking and Voodoo Bear.

Sandworm is believed to be behind many high-profile attacks launched in recent years. The indictment against the Russian intelligence officers mentions attacks on Ukraine, including the destructive attacks aimed at the country’s power grid in 2015 and 2016 using the malware families known as BlackEnergy and Industroyer.

The group has also been linked to the NotPetya attack, which involved a wiper disguised as ransomware and which cost many companies millions of dollars. This attack was attributed to Russia by several governments in 2018.

The indictment also mentions the operation targeting elections in France in 2017, which involved data leaks. The hackers are also said to have targeted the PyeongChang Winter Olympics with the Olympic Destroyer malware, as well as Georgian companies and government organizations. The US and the UK officially blamed Russia for the attacks on Georgia earlier this year.

John Hultquist, senior director of analysis at FireEye’s Mandiant Threat Intelligence, pointed out that while it’s not mentioned in the indictment, Sandworm was also involved in operations aimed at the 2016 presidential elections in the United States.

“This actor’s involvement in election interference in France is especially important as we near the end of elections in the US. One possible scenario we are anticipating is a very late game hack and leak operation, such as the one that was carried out in France. This incident is a reminder that dramatic late game operations are possible in the eleventh hour. Additionally, leaked information included fabricated materials, a reminder that actors may mix legitimate, stolen materials with items they have fabricated themselves,” Hultquist told SecurityWeek.

The Justice Department claims the defendants were involved in developing malware and malware components, preparing and conducting spear-phishing campaigns, and conducting reconnaissance.

The suspects are all at large and have been added by the FBI to its Cyber’s Most Wanted list. If convicted, they could be sentenced to lengthy prison terms.

“For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyber-attacks in history,” said Scott Brady, U.S. Attorney for the Western District of Pennsylvania. “The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.”

U.S. authorities have credited several companies in the private sector for their assistance in the Sandworm investigation, including Google, Cisco Talos, Facebook and Twitter.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
