US charges six Russians behind NotPetya and Olympics hacks

The GRU members spread some of the most infamous malware strains including NotPetya and Olympic Destroyer

Abstract silhouette of a computer hacker in front of a Russian flag

The US government has charged six Russian intelligence officers who instigated several devastating malware attacks, including the infamous attempt to disrupt the 2018 Winter Olympic Games.

This has come in conjunction with the UK's National Cyber Security Centre (NCSC) exposing a fresh campaign sponsored by the GRU to disrupt organisations engaged in the forthcoming 2020 Olympics. 

The six hackers, all members of the Russian military intelligence agency known as the GRU, engaged in malware campaigns on behalf of the state in order to target a number of targets, including Ukraine, Georgia and France.

Cyber activities have also extended to undermining efforts to hold Russian accountable for the use of Novichok on foreign soil, as well as the 2018 South Korean Winter Olympic Games, according to an indictment.

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI deputy director David Bowdich.

“But this indictment also highlights the FBI’s capabilities.  We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.”

The six charged comprise Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

They have officially been charged seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. 

The indictment also ties the six, who fall under Unit 74455 of the GRU, with the use of KillDisk and Industroyer, which each caused blackouts in Ukraine, as well as NotPetyaOlympic Destroyer, meanwhile, was also used to disrupt thousands of computers supporting the 2018 Winter Olympics.

The defendants and their co-conspirators deployed these strains from November 2015 through to at least around October 2019, and were at the centre of some of the biggest hacking incidents throughout this period.

The PyeongChang Winter Olympics IT systems were compromised by the Olympic Destroyer malware between December 2017 and February 2018. This culminated in the disruptive attack during the opening ceremony.

The group also launched spear-phishing campaigns and hack-and-leak efforts against French President Emmanual Macron’s campaign during the 2017 French election.

This is in addition to the global NotPetya malware attack that affected all kinds of individuals, organisations and systems. Three victims alone, the US Heritage Valley Health System, a FedEx subsidiary TNT Express, and a large US pharmaceutical firm, collectively suffered $1 billion in losses from the attacks.

The NCSC has accused GRU members of continuing cyber reconnaissance activities with regards to targeting organisations involved in the 2020 Olympic and Paralympic Games. 

“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice," said the NCSC director of operations Paul Chichester.

“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyber space.”

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

2 Mar 2021
IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021