US charges six Russians behind NotPetya and Olympics hacks

The GRU members spread some of the most infamous malware strains including NotPetya and Olympic Destroyer

Abstract silhouette of a computer hacker in front of a Russian flag

The US government has charged six Russian intelligence officers who instigated several devastating malware attacks, including the infamous attempt to disrupt the 2018 Winter Olympic Games.

This has come in conjunction with the UK's National Cyber Security Centre (NCSC) exposing a fresh campaign sponsored by the GRU to disrupt organisations engaged in the forthcoming 2020 Olympics. 

The six hackers, all members of the Russian military intelligence agency known as the GRU, engaged in malware campaigns on behalf of the state in order to target a number of targets, including Ukraine, Georgia and France.

Cyber activities have also extended to undermining efforts to hold Russian accountable for the use of Novichok on foreign soil, as well as the 2018 South Korean Winter Olympic Games, according to an indictment.

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI deputy director David Bowdich.

“But this indictment also highlights the FBI’s capabilities.  We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.”

The six charged comprise Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

They have officially been charged seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. 

The indictment also ties the six, who fall under Unit 74455 of the GRU, with the use of KillDisk and Industroyer, which each caused blackouts in Ukraine, as well as NotPetyaOlympic Destroyer, meanwhile, was also used to disrupt thousands of computers supporting the 2018 Winter Olympics.

The defendants and their co-conspirators deployed these strains from November 2015 through to at least around October 2019, and were at the centre of some of the biggest hacking incidents throughout this period.

The PyeongChang Winter Olympics IT systems were compromised by the Olympic Destroyer malware between December 2017 and February 2018. This culminated in the disruptive attack during the opening ceremony.

The group also launched spear-phishing campaigns and hack-and-leak efforts against French President Emmanual Macron’s campaign during the 2017 French election.

This is in addition to the global NotPetya malware attack that affected all kinds of individuals, organisations and systems. Three victims alone, the US Heritage Valley Health System, a FedEx subsidiary TNT Express, and a large US pharmaceutical firm, collectively suffered $1 billion in losses from the attacks.

The NCSC has accused GRU members of continuing cyber reconnaissance activities with regards to targeting organisations involved in the 2020 Olympic and Paralympic Games. 

“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice," said the NCSC director of operations Paul Chichester.

“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyber space.”

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

22 Sep 2020
SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021