US charges six Russians behind NotPetya and Olympics hacks

The GRU members spread some of the most infamous malware strains including NotPetya and Olympic Destroyer

The US government has charged six Russian intelligence officers who instigated several devastating malware attacks, including the infamous attempt to disrupt the 2018 Winter Olympic Games.

This has come in conjunction with the UK's National Cyber Security Centre (NCSC) exposing a fresh campaign sponsored by the GRU to disrupt organisations engaged in the forthcoming 2020 Olympics. 

The six hackers, all members of the Russian military intelligence agency known as the GRU, ran malware campaigns on behalf of the state against a number of targets, including Ukraine, Georgia and France.

Cyber activities have also extended to undermining efforts to hold Russia accountable for the use of Novichok on foreign soil, as well as the 2018 South Korean Winter Olympic Games, according to an indictment.

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI deputy director David Bowdich.

“But this indictment also highlights the FBI’s capabilities. We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.”

The six charged comprise Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

They have officially been charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.

The indictment also ties the six, who fall under Unit 74455 of the GRU, to the use of KillDisk and Industroyer, which each caused blackouts in Ukraine, as well as NotPetya. Olympic Destroyer, meanwhile, was also used to disrupt thousands of computers supporting the 2018 Winter Olympics.

The defendants and their co-conspirators deployed these strains from November 2015 through to at least around October 2019, and were at the centre of some of the biggest hacking incidents throughout this period.

The PyeongChang Winter Olympics IT systems were compromised by the Olympic Destroyer malware between December 2017 and February 2018. This culminated in the disruptive attack during the opening ceremony.

The group also launched spear-phishing campaigns and hack-and-leak efforts against French President Emmanuel Macron’s campaign during the 2017 French election.

This is in addition to the global NotPetya malware attack that affected all kinds of individuals, organisations and systems. Three victims alone, the US Heritage Valley Health System, FedEx subsidiary TNT Express, and a large US pharmaceutical firm, collectively suffered $1 billion in losses from the attacks.

The NCSC has accused GRU members of continuing cyber reconnaissance activities aimed at targeting organisations involved in the 2020 Olympic and Paralympic Games.

“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice,” said the NCSC director of operations Paul Chichester.

“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyber space.”
