US charges 6 Russian intelligence officers for worldwide ‘destructive’ malware attacks

Hemani Sheth Mumbai | Updated on October 20, 2020

Accused of disrupting 2018 Olympics, French Elections, Skripal investigations among others

The US on Monday charged six former and current Russian intelligence officers in connection with various worldwide “destructive” malware attacks.

According to an official release by the US Justice Department, the six computer hackers have been charged on seven counts: “conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.”

The US Justice Department said that the hackers were all part of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.


Disruptive cyberattacks

The officers have been accused of deploying some of the world’s most “destructive malware” such as KillDisk and Industroyer, which had caused blackouts in Ukraine. According to the Justice Department, the attackers targeted Ukraine’s electric power grid, Ministry of Finance and State Treasury Service, using BlackEnergy, Industroyer, and KillDisk malware.

They have also been accused of using the NotPetya malware against “hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express BV; and a large US pharmaceutical manufacturer,” which together suffered nearly $1 billion in losses.

They have also been accused of trying to disrupt the 2017 French elections with spearphishing campaigns and “hack and leak” efforts.

The Justice Department has also accused the hackers of disrupting thousands of computers during the 2018 PyeongChang Winter Olympics using the Olympic Destroyer malware, in addition to phishing attacks on hosts, participants and attendees.

They have also been tied to the Skripal investigation and have been accused of conducting spearphishing campaigns in 2018 targeting “investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several UK citizens.”

“These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilise: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort,” the Justice Department said.

The hackers are allegedly a part of a group of malicious actors known as “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking” among cybersecurity researchers.


UK investigations

In a separate report, the UK National Cyber Security Centre on Monday also warned against malicious activity by Russia’s GRU military intelligence service targeting organisations involved in the 2020 Tokyo Olympics and Paralympic Games before they were postponed.

“The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer,” the agency said.

The UK cybersecurity agency also provided details of GRU’s alleged 2018 attacks on the Winter Olympics in South Korea, stating that the GRU’s cyber unit had attempted to disguise itself as North Korean and Chinese hackers while targeting the Games’ opening ceremony.

Published on October 20, 2020
