US Charges 6 Russian GRU Officers in Global Hacking Operation

US Charges 6 Russian GRU Officers in Global Hacking Operation
A poster showing six wanted Russian military intelligence officers is displayed before a news conference at the Department of Justice, in Washington on Oct. 19, 2020. Andrew Harnik/AP Photo
Updated:

The Justice Department has charged six Russian military hackers with engaging in a series of intrusions against other countries’ infrastructure, elections, or businesses, in what has been described as the “most disruptive and destructive series of computer attacks ever attributed to a single group.”

The accused, who are agents of a Russian military intelligence agency known as GRU, allegedly used various cyber tactics, including deploying destructive malware with the purpose of furthering the Russian government’s interest to destabilize and interfere with the political and economic systems of other countries, the Justice Department (DOJ) said.

The GRU is the same agency that was allegedly involved in hacking efforts to interfere in the 2016 U.S. presidential election.

Among those targeted includes Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service; French President Emmanuel Macron’s political party and French politicians; hosts, participants, partners, attendees, and the IT systems of the PyeongChang 2018 Winter Olympics; organizations and entities investigating the nerve agent poisoning of Sergei Skripal; Georgian companies and government entities; and businesses and medical facilities in the United States.

“No country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages and to satisfy fits of spite,” Assistant Attorney General for National Security John C. Demers said during a press conference on Oct. 19 announcing the charges.

According to the indictment, the hackers deployed “some of the world’s most destructive malware to date”—such as KillDisk, Industroyer, and NotPetya—which caused widespread damage, including blackouts in Ukraine and disruption to thousands of computers used to support the 2018 Winter Olympics.

The men have been charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Each defendant is charged in every count in an indictment returned by a federal grand jury in Pittsburgh.

A poster showing six wanted Russian military intelligence officers. (Justice Department)
A poster showing six wanted Russian military intelligence officers. Justice Department

The department said several of the men were previously charged for their roles in allegedly interfering in the 2016 U.S. elections.

Demers said the allegations should be evidence into why the United States shouldn’t accept President Vladimir Putin’s offer for a cyber “reset” between the two countries. The agreement would require both counties to provide guarantees not to engage in cyber-meddling in each other’s elections.

“Russia is certainly right that technologically sophisticated nations that aspire to lead have a special responsibility to secure the world order and contribute to widely accepted norms, peace, and stability. That’s what we’re doing here today,” Demers said.

“But this indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda.”

The DOJ said the attacks caused nearly $1 billion in losses to three U.S. victims, including the Heritage Valley Health System in Pennsylvania. The men allegedly deployed the NotPetya malware, which caused “the unavailability of patient lists, patient history, physical examination files, and laboratory records.”

“Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety,” according to a department statement.

Other U.S. targets included TNT Express B.V., which is a FedEx Corp. subsidiary, and a large pharmaceutical manufacturer.