Actions

6 Russian military officers charged in vast hacking campaign

6 Russian military officers charged in vast hacking campaign
Posted
and last updated

WASHINGTON, D.C. — Six Russian military officers sought to use computer hacking to disrupt the French election, the Winter Olympics in South Korea and U.S. businesses.

That's according to a Justice Department indictment unsealed Monday that details attacks on a broad range of political, financial and athletic targets.

While announcing the charges at a press conference, Assistant Attorney General John C. Demers called the officers’ actions “the most disruptive and destructive” computer attacks ever attributed to a single group. Demers said no country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia, “wantonly causing unprecedented collateral damage to pursue small tactical advantages and to satisfy fits of spite.”

All the defendants are alleged intelligence officers in the Russian military agency known as the GRU. The DOJ previously charged members of the same unit, also known to cybersecurity researchers as “Sandworm Team,” for their role in Russia’s efforts to interfere in the 2016 U.S. elections. Though, the new indictment doesn't charge the officers in connection with the interference in the U.S. elections.

The indictment also accuses the defendants in destructive attacks on Ukraine’s power grid.

“These were the first reported destructive malware attacks against the control systems of civilian critical infrastructure,” said Demers. “These attacks turned out the lights and turned off the heat in the middle of the Eastern European winter, as the lives of hundreds of thousands of Ukrainian men, women and children went dark and cold.”

From there, Demers says the conspirators’ “destructive path” widened to encompass “virtually the whole world.”

The conspirators allegedly unleashed the “NotPetya” malware, which was reportedly designed to bring down entire networks in seconds and searching for remote computer connections through which to attack additional innocent victims.

“The entirely foreseeable result was that the worm quickly spread globally, shutting down companies and inflicting immense financial harm,” said Demers. “This irresponsible conduct impaired the ability of companies in critical sectors, such as transportation and health, to provide services to the public–not only in Ukraine, but as far away as Western Pennsylvania."

Demers says the malware led to monetary losses of nearly $1 billion.

Next, officials say the conspirators then turned their sights on the Winter Olympics.

“The conspirators, feeling the embarrassment of international penalties related to Russia’s state-sponsored doping program, i.e., cheating, took it upon themselves to undermine the games,” said Demers. “Their cyber-attack combined the emotional maturity of a petulant child with the resources of a nation state.”

The officers are accused of conducting spear phishing campaigns against South Korea, the host of the 2018 games, as well as the International Olympic Committee, Olympic partners, and athletes. Then, during the opening ceremony, they allegedly launched the “Olympic Destroyer” malware attack, which deleted data from thousands of computers supporting the Games, rendering them inoperable.

The officers are also accused of supporting a hack-and-leak operation in the days leading up to the 2017 French elections, with attacks directed at the political party of French President Emmanuel Macron.

“This indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda,” said Demers.