Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace
From the U.S. Department of Justice yesterday:
On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.
These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of a Russian government-sponsored doping effort.
Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.[…]
The indictment accuses each defendant of committing the following overt acts in furtherance of the charged crimes:
Defendant | Summary of Overt Acts
Yuriy Sergeyevich Andrienko
· Developed components of the NotPetya and Olympic Destroyer malware.
Sergey Vladimirovich Detistov
· Developed components of the NotPetya malware; and
· Prepared spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games.
Pavel Valeryevich Frolov
· Developed components of the KillDisk and NotPetya malware.
Anatoliy Sergeyevich Kovalev
· Developed spearphishing techniques and messages used to target:
– En Marche! officials;
– employees of the DSTL;
– members of the IOC and Olympic athletes; and
– employees of a Georgian media entity.
Artem Valeryevich Ochichenko
· Participated in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners; and
· Conducted technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorized access to its network.
Petr Nikolayevich Pliskin
· Developed components of the NotPetya and Olympic Destroyer malware.
Read the full press release on DOJ’s web site.