US charges six Russians behind NotPetya and Olympics hacks

The GRU members spread some of the most infamous malware strains including NotPetya and Olympic Destroyer

The US government has charged six Russian intelligence officers who instigated several devastating malware attacks, including the infamous attempt to disrupt the 2018 Winter Olympic Games.

This has come in conjunction with the UK's National Cyber Security Centre (NCSC) exposing a fresh campaign sponsored by the GRU to disrupt organisations engaged in the forthcoming 2020 Olympics. 

The six hackers, all members of the Russian military intelligence agency known as the GRU, engaged in malware campaigns on behalf of the state against a number of targets, including Ukraine, Georgia and France.

Cyber activities have also extended to undermining efforts to hold Russia accountable for the use of Novichok on foreign soil, as well as the 2018 South Korean Winter Olympic Games, according to an indictment.

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI deputy director David Bowdich.

“But this indictment also highlights the FBI’s capabilities. We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.”

The six charged comprise Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

They have officially been charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.

The indictment also ties the six, who fall under Unit 74455 of the GRU, to the use of KillDisk and Industroyer, which each caused blackouts in Ukraine, as well as NotPetya. Olympic Destroyer, meanwhile, was also used to disrupt thousands of computers supporting the 2018 Winter Olympics.

The defendants and their co-conspirators deployed these strains from November 2015 through to at least around October 2019, and were at the centre of some of the biggest hacking incidents throughout this period.

The PyeongChang Winter Olympics IT systems were compromised by the Olympic Destroyer malware between December 2017 and February 2018. This culminated in the disruptive attack during the opening ceremony.

The group also launched spear-phishing campaigns and hack-and-leak efforts against French President Emmanuel Macron’s campaign during the 2017 French election.

This is in addition to the global NotPetya malware attack that affected all kinds of individuals, organisations and systems. Three victims alone, the US Heritage Valley Health System, a FedEx subsidiary TNT Express, and a large US pharmaceutical firm, collectively suffered $1 billion in losses from the attacks.

The NCSC has accused GRU members of continuing cyber reconnaissance activities with regard to targeting organisations involved in the 2020 Olympic and Paralympic Games.

“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice,” said the NCSC director of operations Paul Chichester.

“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyber space.”
