The State Department is offering a reward of up to $10 million for information that helps track down a group of Russian cybercriminals, officials announced on April 26.
The department's Rewards for Justice (RFJ) program is looking for information on six individuals who are said to be officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) and who were allegedly involved in a criminal conspiracy in 2017 in which they deployed destructive malware to critical infrastructure in the United States.
The State Department named the six individuals allegedly connected to the attack as Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.
All six named work in the GRU’s Unit 74455, also known by cybersecurity researchers as Sandworm Team, Telebots, Voodoo Bear, and Iron Viking, according to the State Department.
“These individuals were members of the criminal conspiracy responsible for the June 27, 2017, destructive malware infection of computers in the United States and worldwide using malware known as NotPetya,” officials said.
“These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other U.S. private sector entities.”
In total, the malicious cyber activities cost these U.S. entities nearly $1 billion in losses, according to the State Department.
A federal grand jury indicted the six Russian officers in October 2020 on counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, damaging protected computers, and aggravated identity theft.
The announcement of the million-dollar reward for intel on the six cybercriminals comes shortly after the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint advisory warning that Russia’s invasion of Ukraine could expose organizations both in Ukraine and beyond to increased cyberattacks.
Further cyberattacks could come due in part to the string of economic sanctions imposed on Russia by Western nations, the advisory said, citing threats made by some cybercrime groups to conduct cyber operations against countries and organizations providing materiel support to Ukraine.
The Biden administration has so far provided more than $4.6 billion in security assistance to Ukraine since Moscow invaded on Feb. 24, and the president announced on April 21 that an additional $1.3 billion in military and economic aid will be sent to the nation.
“Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors,” Biden said.
“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.”