U.S. Charges Six Russian Military Officers With ‘Destructive’ Global Hacking Campaign

This article was originally published Oct. 19, 2020, on Radio Free Europe/Radio Liberty.

The United States has charged six Russian military officers with a “destructive,” global criminal cyber-campaign that included the worldwide distribution of destructive malware and attempts to undermine the former Soviet republics of Georgia and Ukraine.

The indictment, announced by the Justice Department on October 19, also accuses the men of hacking French elections, the Seoul Olympics, and an international organization investigating Russia’s use of a deadly nerve agent.

The charges are the latest in a series of cybercriminal indictments leveled by the United States against Russian state and nonstate actors.

The six Russian nationals are all alleged to be officers in a unit of the Russian military intelligence directorate, known as the GRU, which the United States in 2018 accused of hacking into the computers of the Democratic National Convention two years earlier.

U.S. Attorney Scott Brady called the officers’ campaigns “the most destructive and costly cyberattacks in history.”

“No country has weaponized its cyber-capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” according to Assistant Attorney General for National Security John Demers.

Also on October 19, Britain’s Foreign Office said GRU hackers had targeted organizers of the 2020 Tokyo Olympics, which were postponed until next year because of the coronavirus pandemic.

Officials declined to give specific details about these attacks or say whether they were successful, but said they had targeted the Olympics’ organizers, logistics suppliers, and sponsors.

“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms,” British Foreign Secretary Dominic Raab said

The United States received help in its years-long investigation of the GRU officers from foreign governments as well as some of the largest U.S. companies, including Google, Cisco, Facebook, and Twitter, the Justice Department said in its statement.

Even though the United States is unlikely to ever bring the men to justice, the charges essentially prevent the men from traveling to countries that have extradition agreements with the United States.

The six men indicted are Yury Andrienko, Sergei Detistov, Pavel Frolov, Anatoly Kovalev, Artyom Ochichenko, and Pyotr Pliskin.

They are charged with developing NotPetya, the malware that spread globally in 2017, causing upwards of $10 billion in damages and impairing critical medical services in western Pennsylvania.

They are also blamed for the cyberattacks against a series of Ukrainian targets from December 2015 through 2016, including the nation’s power grid and Finance Ministry, and cyberattacks against the Georgian parliament in 2019.

Russia has tense relations with both countries, having invaded Georgia in 2008 and annexed Ukraine’s Crimean Peninsula in 2014. Russia is also backing separatists in eastern Ukraine.

The Justice Department said the men were also behind a series of international spear-phishing campaigns, including against the political party of French President Emmanuel Macron in 2017, the International Olympic Committee in 2017 and 2018, and the Organization for the Prohibition of Chemical Weapons (OPCW).

Spear-phishing is an e-mail or electronic communications scam targeting a a specific individual, organization, or business with the intent to steal data for malicious purposes or install malware on a targeted user’s computer.

The attack on the OPCW came just a month after Sergei Skripal, a former Russian military officer, and his daughter were found unconscious in the British city of Salisbury in 2018.

The British authorities and OPCW confirmed the Skripals had been poisoned with the Russian nerve agent Novichok. Britain accused two GRU officers of carrying out the attack.

Copyright (c)2020 RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave NW, Ste 400, Washington DC 20036.