6 Russian Hackers Indicted for Offensive Cyber Campaigns Including 2017 NotPetya Wiper Attacks

The U.S. Department of Justice has announced that 6 Russian hackers have been indicted for their role in the 2017 NotPetya malware attacks and a long list of offensive cyber campaigns on multiple targets in the United States and other countries.

The six individuals are suspected members of the GRU: Russia’s Main Intelligence Directorate, specifically GRU Unit 74455, which is also known as Sandworm. The Sandworm unit is believed to be behind a long list of offensive cyber campaigns spanning several years.

Sandworm is suspected of being instrumental in attempts to influence foreign elections, including the 2016 U.S. presidential election and the 2017 French presidential election. One of the most destructive offensive campaigns involved the use of NotPetya malware in 2017. NotPetya was a wiper malware used in destructive attacks worldwide that leveraged a vulnerability in Microsoft Windows Server Message Block (SMBv1).

Several hospitals and medical clinics were affected by NotPetya and had data wiped and computer systems taken out of action. NotPetya hit the pharmaceutical giant Merck, Danish shipping firm Maersk, and FedEx subsidiary TNT Express. The attack on Merck has been estimated to have cost $1.3 billion. In total, the malware caused more than $10 billion in damages and affected more than 300 companies worldwide.

Sandworm was also behind attempts to disrupt the 2018 Winter Olympics using Olympic Destroyer malware, and the hackers attempted to disrupt the investigation of the Novichok poisonings of former Russian spy Sergei Skripal and his daughter by the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defense Science and Technology Laboratory.

Sandworm was also behind destructive attacks on Ukraine’s energy grid between December 2015 and December 2016 and other government targets using KillDisk, BlackEnergy, and Industroyer malware, along with attacks on government entities and companies in Georgia in 2018.

“The crimes committed by these defendants and Unit 74455 are truly breathtaking in their scope, scale and impact,” said U.S. Attorney for the Western District of Pennsylvania, Scott Brady. “These are not acts of traditional spying against governments. Instead, these are crimes committed by Russian government officials against real victims who suffered real harm.”

The alleged Russian operatives are Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin. Each has been charged with 7 counts: one count of conspiracy to commit computer fraud and abuse, one count of conspiracy to commit wire fraud, one count of intentional damage to a protected computer, two counts of wire fraud, and two counts of aggravated identity theft, with the indictment also alleging false registration of domain names. In total, the maximum possible sentence if found guilty on all counts is 71 years in prison. The indictment also includes details of the specific roles each defendant played in the attacks, confirming the detailed nature of the intelligence collected on each individual by intelligence agencies, law enforcement, foreign governments, and private companies.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers. “Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”

Russia has responded by denying any involvement in the cyberattacks attributed to the hackers. A spokesperson for the Russian embassy in Washington said, “Russia does not and did not have intentions to engage in any kind of destabilizing operations around the world. This does not correspond to our foreign policy, national interests or our understanding of how relations between states are built. Russia respects the sovereignty of other countries and does not interfere in their affairs.”

It is unlikely that the indicted hackers will ever face a trial, as there is no extradition treaty between Russia and the United States.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.