Pierluigi Paganini April 27, 2022

The U.S. government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group.

The US Department of State is offering up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. The reward is covered by the Rewards for Justice program of the US government, which rewards people that can share information that can allow to identify or locate foreign government threat actors who conduct cyber operations against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

The six individuals are Russian officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), a division of the Russian military intelligence that was often involved in malicious cyber operations against US infrastructure.

“RFJ is seeking information on six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) for their role in a criminal conspiracy involving malicious cyber activities affecting U.S. critical infrastructure.” reads the press release published by the Department of State. “GRU officers Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин) were members of a conspiracy that deployed destructive malware and took other disruptive actions for the strategic benefit of Russia through unauthorized access to victim computers.”

The six Russian officers are all members of the GRU’s Unit 74455, also known as Sandworm, Telebots, Voodoo Bear, and Iron Viking.

This isn’t the first time that the US government indicted these members of the Sandworm team, in October 2020 the U.S. Department of Justice charged the six officials for their alleged role in several major cyberattacks conducted over the past years.

According to the indictment, the GRU officers were involved in attacks on Ukraine, including the attacks aimed at the country’s power grid in 2015 and 2016 that employed the BlackEnergy and Industroyer malware.

US DoJ charged the men with damaging protected computers, conspiracy to conduct computer fraud and abuse, wire fraud, conspiracy to commit wire fraud, and aggravated identity theft.

The US Department of State states that cyber activities conducted by the APT group collectively cost impatced U.S. entities nearly $1 billion in losses.

More information about this reward offer is available on the Rewards for Justice website, it is also possible to share information about these six individuals via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).

“Since its inception in 1984, the program has paid in excess of $200 million to more than 100 people across the globe who provided actionable information that helped prevent terrorism, bring terrorist leaders to justice, and resolve threats to U.S. national security.” concludes the press release.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Sandworm)

[adrotate banner=”5″]

[adrotate banner=”13″]