Six men accused of carrying out some of the world’s most destructive hacks—including the NotPetya disk wiper and power grid attacks that knocked out electricity for hundreds of thousands of Ukrainians—have been indicted in US federal court.
The indictment said that all six men are officers in a brazen hacker group best known as Sandworm, which works on behalf of Unit 74455 of the Russian Main Intelligence Directorate, abbreviated from Russian as GRU. The officers are behind the “most disruptive and destructive series of computer attacks ever attributed to a single group,” prosecutors said. The alleged aim: to destabilize foreign nations, interfere with their internal politics, and cause monetary losses.
Among the hacks is NotPetya, the 2017 disk-wiping worm that shut down the operations of thousands of companies and government agencies around the world. Disguised as ransomware, NotPetya was in fact malware that permanently destroyed petabytes of data. The result, among other things, was hospitals that turned away patients, shipping companies that were paralyzed for days or weeks, and transportation infrastructure that failed to function.
Those hit by the attack included hospitals and other medical facilities in the Heritage Valley Health System (“Heritage Valley”) in Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large US pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks. US intelligence long ago determined the GRU was behind the attack, but Monday is the first time charges have been filed in connection with it.
Other hacks called out in the indictment included:
- Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk
- French Elections: April and May 2017 spear-phishing campaigns and related hack-and-leak efforts targeting French President Emmanuel Macron’s “La République En Marche!” (“En Marche!”) political party, French politicians, and local French governments prior to the 2017 French elections
- PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spear-phishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and companies, and International Olympic Committee (“IOC”) officials
- PyeongChang Winter Olympics IT Systems (Olympic Destroyer): December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the February 9, 2018 destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer
- Novichok Poisoning Investigations: April 2018 spear-phishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (“OPCW”) and the United Kingdom’s Defence Science and Technology Laboratory (“DSTL”) into the nerve agent poisoning of Sergei Skripal, his daughter, and several UK citizens
- Georgian Companies and Government Entities: a 2018 spear-phishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019
Defendants named in the indictment included:
|Defendant|Summary of Overt Acts|
|---|---|
|Yuriy Sergeyevich Andrienko|· Developed components of the NotPetya and Olympic Destroyer malware|
|Sergey Vladimirovich Detistov|· Developed components of the NotPetya malware · Prepared spear-phishing campaigns targeting the 2018 PyeongChang Winter Olympic Games|
|Pavel Valeryevich Frolov|· Developed components of the KillDisk and NotPetya malware|
|Anatoliy Sergeyevich Kovalev|· Developed spear-phishing techniques and messages used to target: En Marche! officials; staff members of the DSTL; members of the IOC and Olympic athletes; employees of a Georgian media entity|
|Artem Valeryevich Ochichenko|· Participated in spear-phishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners · Conducted technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorized access to its network|
|Petr Nikolayevich Pliskin|· Developed components of the NotPetya and Olympic Destroyer malware|
All six men are each charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
“The object of the conspiracy was to deploy destructive malware and take other disruptive actions, for the strategic benefit of Russia, through unauthorized access (‘hacking’) of victim computers,” prosecutors wrote in the indictment. “In furtherance of the conspiracy, Andrienko, Detistov, Frolov, Kovalev, Ochichenko, Pliskin, and others known and unknown to the grand jury procured, maintained, and utilized servers, email accounts, malicious mobile applications, and related hacking infrastructure to engage in spearphishing campaigns and other network intrusion methods against computers used by the victims.”
The prosecutors also said that four of the men developed and deployed destructive malware used around the world.
The indictment is here, and a press release is here.