US charges six Russians behind NotPetya and Olympics hacks

The GRU members spread some of the most infamous malware strains including NotPetya and Olympic Destroyer

The US government has charged six Russian intelligence officers who instigated several devastating malware attacks, including the infamous attempt to disrupt the 2018 Winter Olympic Games.

This has come in conjunction with the UK's National Cyber Security Centre (NCSC) exposing a fresh campaign sponsored by the GRU to disrupt organisations engaged in the forthcoming 2020 Olympics. 

The six hackers, all members of the Russian military intelligence agency known as the GRU, engaged in malware campaigns on behalf of the state in order to target a number of targets, including Ukraine, Georgia and France.

Cyber activities have also extended to undermining efforts to hold Russian accountable for the use of Novichok on foreign soil, as well as the 2018 South Korean Winter Olympic Games, according to an indictment.

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI deputy director David Bowdich.

“But this indictment also highlights the FBI’s capabilities.  We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.”

The six charged comprise Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

They have officially been charged seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. 

The indictment also ties the six, who fall under Unit 74455 of the GRU, with the use of KillDisk and Industroyer, which each caused blackouts in Ukraine, as well as NotPetyaOlympic Destroyer, meanwhile, was also used to disrupt thousands of computers supporting the 2018 Winter Olympics.

The defendants and their co-conspirators deployed these strains from November 2015 through to at least around October 2019, and were at the centre of some of the biggest hacking incidents throughout this period.

The PyeongChang Winter Olympics IT systems were compromised by the Olympic Destroyer malware between December 2017 and February 2018. This culminated in the disruptive attack during the opening ceremony.

The group also launched spear-phishing campaigns and hack-and-leak efforts against French President Emmanual Macron’s campaign during the 2017 French election.

This is in addition to the global NotPetya malware attack that affected all kinds of individuals, organisations and systems. Three victims alone, the US Heritage Valley Health System, a FedEx subsidiary TNT Express, and a large US pharmaceutical firm, collectively suffered $1 billion in losses from the attacks.

The NCSC has accused GRU members of continuing cyber reconnaissance activities with regards to targeting organisations involved in the 2020 Olympic and Paralympic Games. 

“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice," said the NCSC director of operations Paul Chichester.

“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyber space.”

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021
How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021
Microsoft brings passwordless security to consumer accounts
Microsoft Windows

Microsoft brings passwordless security to consumer accounts

16 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021