U.S. Charges Russian GRU Intelligence Officers for notorious attacks, including NotPetya

The U.S. DoJ announced charges against six Russian intelligence officers for their role in several major cyberattacks carried out in recent years.

The U.S. Department of Justice announced charges against six members of Russia’s GRU military intelligence agency for their alleged role in several major cyberattacks conducted in recent years.

The defendants are Yuriy Sergeyevich Andrienko, aged 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.

The six Russian intelligence officers are believed to be members of the Russia-linked Sandworm APT group (aka Telebots, Iron Viking and Voodoo Bear).

According to the indictment, the GRU officers were involved in attacks on Ukraine, including the attacks aimed at the country’s power grid in 2015 and 2016 that employed the BlackEnergy and Industroyer malware.

The U.S. DoJ charged the men with damaging protected computers, conspiracy to conduct computer fraud and abuse, wire fraud, conspiracy to commit wire fraud, and aggravated identity theft.

Government experts linked the Russian APT group to major attacks, including NotPetya, a hacking operation targeting elections in France in 2017, the attack against the PyeongChang Winter Olympics that involved the Olympic Destroyer malware, as well as a series of attacks on Georgian companies and government organizations.

“Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.” reads the press release published by the DoJ. “The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.”

From November 2015 until at least October 2019, the defendants and their co-conspirators were involved in the development and deployment of destructive malware and took part in disruptive hacking campaigns.

Below is the list of overt acts for each defendant:

| Defendant | Summary of Overt Acts |
| --- | --- |
| Yuriy Sergeyevich Andrienko | Developed components of the NotPetya and Olympic Destroyer malware. |
| Sergey Vladimirovich Detistov | Developed components of the NotPetya malware; and prepared spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games. |
| Pavel Valeryevich Frolov | Developed components of the KillDisk and NotPetya malware. |
| Anatoliy Sergeyevich Kovalev | Developed spearphishing techniques and messages used to target: En Marche! officials; employees of the DSTL; members of the IOC and Olympic athletes; and employees of a Georgian media entity. |
| Artem Valeryevich Ochichenko | Participated in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners; and conducted technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorized access to its network. |
| Petr Nikolayevich Pliskin | Developed components of the NotPetya and Olympic Destroyer malware. |

The FBI added the defendants to the Cyber’s Most Wanted list.

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI Deputy Director David Bowdich.  “But this indictment also highlights the FBI’s capabilities.  We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.  As demonstrated today, we will relentlessly pursue those who threaten the United States and its citizens.”

“For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyber-attacks in history,” said Scott Brady, U.S. Attorney for the Western District of Pennsylvania. “The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.”

Pierluigi Paganini

(SecurityAffairs – hacking, intelligence)

