The U.S. has charged six Russian Russian Main Intelligence Directorate (GRU) officers of carrying out sweeping state-sponsored cyber attacks that included taking Ukraine's power grid offline, and election interference in France.
GRU is a military intelligence agency of the General Staff of the Armed Forces. In 2018, the U.S. indicted seven officers tied to Unit 74455 of GRU in relation to Moscow's efforts to interfere in America’s 2016 presidential election. The latest round of charges does not pertain to those activities.
In a statement today, the U.S. Department of Justice said the GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) 2017 elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort.
"The new allegations of cyberattacks aimed at interfering are another step to discredit Moscow. Such statements have never been accompanied by strong evidence," Leonid Slutsky, chairman of the State Duma's international affairs committee, told Interfax on Monday.
Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the officials with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name, the U.S. Justice Department said.
Cybersecurity researchers have tracked the Conspirators and their malicious activity using the labels “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers. “Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”
The attacks caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the United States. The NotPetya attack in 2017 is widely credited as being the costliest cyber attack in history. It infected computers across the world, and the U.S. has steadfastly maintained it was the work of the Russian government.