United States Department of Justice
On Oct. 15, 2020, a federal jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. (United States Department of Justice)
These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of a Russian government-sponsored doping effort.
Their computer attacks used some of the world’s most destructive malware to date, including KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.
According to the indictment, the defendants and their co-conspirators deployed destructive malware beginning in or around November 2015 and continuing until at least in or around 2019, and took other disruptive actions, through unauthorized access to victim computers (hacking), for Russia's strategic advantage. The conspiracy was, as alleged, responsible for the following damaging, disruptive, or otherwise destabilizing intrusions and attacks on computers:
- Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
- French Elections: April and May 2017 spearphishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections;
- Worldwide Businesses and Critical Infrastructure (NotPetya): June 27, 2017, destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;
- PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials;
- PyeongChang Winter Olympics IT Systems (Olympic Destroyer): December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer;
- Novichok Poisoning Investigations: April 2018 spearphishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens; and
- Georgian Companies and Government Entities: a 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019.
| Defendant | Summary of Overt Acts |
| --- | --- |
| Yuriy Sergeyevich Andrienko | Developed components of the NotPetya and Olympic Destroyer malware. |
| Sergey Vladimirovich Detistov | Developed components of the NotPetya malware; and prepared spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games. |
| Pavel Valeryevich Frolov | Developed components of the KillDisk and NotPetya malware. |
| Anatoliy Sergeyevich Kovalev | Developed spearphishing techniques and messages used to target: En Marche! officials; employees of the DSTL; members of the IOC and Olympic athletes; and employees of a Georgian media entity. |
| Artem Valeryevich Ochichenko | Participated in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners; and conducted technical reconnaissance of the Parliament of Georgia's official domain and attempted to gain unauthorized access to its network. |
| Petr Nikolayevich Pliskin | Developed components of the NotPetya and Olympic Destroyer malware. |
The defendants and their co-conspirators caused damage and disruption to computer networks worldwide. The NotPetya malware, for example, damaged computers used in critical infrastructure and caused enormous financial losses. The FBI's Atlanta, Oklahoma City, and Pittsburgh field offices conducted the investigation, with the assistance of the FBI's Cyber Division. Defendant Kovalev was previously charged with conspiring to gain unauthorized access into the computers of U.S. persons and entities involved in the administration of the 2016 US elections.
The Criminal Division's Office of International Affairs provided critical assistance in this case. Numerous victims cooperated and provided valuable assistance in the investigation. Some private sector companies independently disabled numerous accounts for violations of their terms of service.