The Justice Department on Monday announced indictments against six Russian hackers in connection to attacks on international events including the 2017 French elections and the 2018 Winter Olympics, as well as U.S. businesses and hospitals.
The six individuals indicted are members of the GRU, the Russian Main Intelligence Directorate, which was responsible for targeting U.S. election infrastructure in all 50 states in the months ahead of the 2016 presidential election. A dozen GRU members had previously been indicted by the Justice Department in 2018 for these hacking efforts.
The indictment, handed down by a grand jury in the Western District of Pennsylvania, alleges that the six individuals “knowingly and intentionally conspired with each other and with persons known and unknown to the grand jury to deploy destructive malware and take other disruptive actions, for the strategic benefit of Russia, through unauthorized access to victim computers.”
Among the alleged attacks were hack-and-leak operations against the political party of now-French President Emanuel Macron in 2017, along with other French politicians. They are also alleged to have targeted the 2018 Winter Olympics in Pyeongchang, South Korea, as retaliation for Russians being banned from participating in the games due to doping allegations.
Further, the six Russian nationals were indicted in connection to attacks on the Ukrainian power grid and government agencies, which caused widespread power outages; for targeting two organizations involved in investigating the United Kingdom-based nerve agent attack on former Russian spy Sergei Skripal and his daughter; and for most recently targeting Georgian government agencies and companies.
The hackers are also accused of carrying out the 2017 NotPetya malware attack, one of the most widespread and debilitating international cyberattacks in history. Three of the groups targeted by the NotPetya virus were hospitals and facilities within the Heritage Valley Health Systems, a FedEx Corporation subsidiary and a large U.S. pharmaceutical manufacturer, with the three companies suffering a combined $1 billion in losses from the attacks.
Assistant Attorney General for National Security John Demers said Monday during a press conference that the charges constituted the “most disruptive and destructive series of computer attacks ever attributed to a single group.”
Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin were indicted on seven counts of wire fraud, computer fraud and abuse, damaging protected computers, aggravated identity theft and other charges.
Demers said that the timing of the charges had nothing to do with the general election taking place in two weeks but criticized Russian President Vladimir Putin’s September proposal to “reset” U.S.-Russia cyber relations in light of the new indictments.
“This indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda,” Demers said.
Deputy FBI Director David Bowdich told reporters that social media companies including Facebook, Google and Twitter worked with federal authorities in compiling the charges but would not disclose details about this partnership.
“They did help us in a very significant manner, which we are fortunate to enjoy that partnership on more and more investigations,” Bowdich said.
The charges announced Monday were the latest in a string of actions taken by the Department of Justice in recent weeks targeting foreign cyberattacks aimed at the U.S., with charges previously announced against Iranian and Chinese hackers.
Rep. Jim Langevin (D-R.I.), the chairman of the House Armed Services Committee’s subcommittee on intelligence, congratulated the Justice Department, the FBI and other intelligence agencies for “building a solid case” illustrating Russian cyber aggression.
“From NotPetya to the 2018 Winter Olympic Games, Russian hackers working directly for the Russian government have wreaked havoc on systems around the world causing billions of dollars in damage and destabilizing the cyber ecosystem,” Langevin said in a statement provided to The Hill. “The world needs to understand that Russia is not interested in promoting stability in cyberspace, and countries must take that into consideration as Russia pretends to negotiate on norms in good faith.”
The British government also took steps against the GRU on Monday, publicly attributing cyberattacks on the 2018 Winter Olympics to the group, which it said had begun cyber reconnaissance operations against officials and organizations involved in both the 2020 Summer Olympic and Paralympic Games in Tokyo before the events were postponed.
The United Kingdom’s National Cyber Security Centre assessed publicly for the first time that GRU hackers disguised themselves as North Korean and Chinese hackers to target the opening ceremony of the PyeongChang Winter Olympics, including through using malware to target IT systems involved in the events, with South Korean authorities successfully preventing any significant disruption.
“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms,” Foreign Secretary Dominic Raab said in a statement Monday. “The UK will continue to work with our allies to call out and counter future malicious cyber attacks.”
—Updated at 3:31 p.m.