The US on Monday charged six former and current Russian intelligence officers in connection with various worldwide “destructive” malware attacks.
According to an official release by the US Justice Department, the six hackers have been charged on seven counts: “conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.”
The US Justice Department said that the hackers were all part of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.
Disruptive cyberattacks
The officers have been accused of deploying some of the world’s most “destructive malware” such as KillDisk and Industroyer, which had caused blackouts in Ukraine. According to the Justice Department, the attackers targeted Ukraine’s electric power grid, Ministry of Finance and State Treasury Service, using BlackEnergy, Industroyer, and KillDisk malware.
They have also been accused of using the NotPetya malware to cause nearly $1 billion in combined losses to “hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express BV; and a large US pharmaceutical manufacturer.”
They have also been accused of trying to disrupt the 2017 French elections with spearphishing campaigns and “hack and leak” efforts.
The Justice Department has also accused the hackers of disrupting thousands of computers during the 2018 PyeongChang Winter Olympics using the Olympic Destroyer malware, in addition to phishing attacks on hosts, participants and attendees.
They have also been tied to the Skripal investigation and have been accused of conducting spearphishing campaigns in 2018 targeting “investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several UK citizens.”
“These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilise: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort,” the Justice Department said.
The hackers are allegedly a part of a group of malicious actors known as “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking” among cybersecurity researchers.
UK investigations
In a separate report, the UK National Cyber Security Centre on Monday also warned against malicious activity by Russia’s GRU military intelligence service targeting organisations involved in the 2020 Tokyo Olympics and Paralympic Games before they were postponed.
“The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer,” the agency said.
The UK cybersecurity agency also provided details of GRU’s alleged 2018 attacks on the Winter Olympics in South Korea, stating that the GRU’s cyber unit had attempted to disguise itself as North Korean and Chinese hackers while targeting the Games’ opening ceremony.