Six Russian military hackers have been indicted over a series of seismic cyberattacks since 2015, the Department of Justice announced Monday. The hacks include the most destructive cyberattack in history, attacks that caused blackouts in Ukraine and an intrusion on the 2018 Winter Olympics.
The cyberattacks listed in Monday’s indictment are among some of the most significant hacks ever, and all trace back to Russian operatives, the Justice Department said. US intelligence officials have long warned about Russia’s hacking capabilities, which have cost companies billions of dollars and influenced politics across multiple nations.
The Justice Department is charging Yuriy Sergeyevich Andrienko for helping develop NotPetya, a 2017 ransomware attack that ensnared companies including FedEx and Maersk, as well as the Olympic Destroyer malware that crashed the Pyeongchang Winter Olympics’ internal servers.
Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov and Petr Nikolayevich Pliskin are also believed to be behind developing the malware, while Anatoliy Sergeyevich Kovalev and Artem Valeryevich Ochichenko are allegedly behind delivering those attacks.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” Assistant Attorney General for National Security John Demers said in a statement.
The six Russian hackers are also allegedly behind hacks on the French elections in 2017, cyberattacks against the Georgian government in 2019, and spearphishing attacks against the labs investigating the nerve agent poisoning of Sergei Skripal in 2018.
While officials have blamed Russian hackers for these attacks over the last five years, Monday’s announcement puts charges on specific people responsible for it.
“For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyberattacks in history,” US Attorney Scott Brady said in a statement. “The crimes committed by Russian government officials were against real victims who suffered real harm.”
That “real harm” includes the NotPetya attack locking up computers belonging to two hospitals in Pennsylvania, meaning that patients couldn’t use systems for cardiology, radiology and surgeries for about a week, while administrative systems like patient history and records were lost for a month.
It also includes the first reported cyberattack against critical infrastructure, when Russian hackers targeted Ukraine’s power grid in December 2015.
“These attacks turned out the lights and turned off the heat in the middle of the Eastern European winter, as the lives of hundreds of thousands of Ukrainian men, women and children went dark and cold,” Demers said.
The six Russian hackers belonged to the same military unit behind the cyberattacks on the 2016 US presidential election, prosecutors said. They worked with tech giants including Google, Facebook and Twitter for the investigation, and expects to continue its work with private companies for future investigations, Justice Department officials said. They declined to provide any details on how those companies helped.
In a separate announcement on Monday, the UK government said it found Russian hackers targeted the 2020 Olympics in Japan before they were postponed. Targets include the Olympics’ organizers, sponsors and logistics services, the UK’s National Cyber Security Centre said.