6 Russian Hackers Charged for Offensive Cyber Campaigns – the 2017 NotPetya Wiper Attacks Included

The U.S. Department of Justice announced the indictment of 6 Russian hackers for participating in the 2017 NotPetya malware attacks and a lengthy list of offensive cyber activities against several targets in the USA and other nations.

The six individuals are alleged to be associates of the GRU, Russia’s Main Intelligence Directorate, and specifically of GRU Unit 74455, which is known as Sandworm. The Sandworm unit is regarded as responsible for many offensive cyber campaigns conducted over a number of years.

Sandworm is believed to have been a key component in efforts to influence foreign elections, such as the 2017 French presidential election and the 2016 U.S. presidential election. One of its most damaging offensive activities was the use of NotPetya malware in 2017. The NotPetya wiper malware was used in destructive attacks around the world that exploited the Microsoft Windows Server Message Block version 1 (SMBv1) vulnerability.

NotPetya affected a number of medical centers and hospitals. Data were destroyed and computer systems were shut down. NotPetya also hit the pharmaceutical company Merck, FedEx sister company TNT Express, and Danish shipping company Maersk. The cost of the NotPetya attack on Merck was estimated to be $1.3 billion. The total cost of the damage caused by the malware is over $10 billion, and more than 300 firms around the world were impacted.

Sandworm was also behind attempts to disrupt the 2018 Winter Olympics using the Olympic Destroyer malware. The attackers also tried to disrupt the investigation into the Novichok poisonings of former Russian spy Sergei Skripal and his daughter, which was being pursued by the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defense Science and Technology Laboratory.

Sandworm was likewise responsible for the destructive attacks on the energy grid of Ukraine between December 2015 and December 2016, and on other government targets, using BlackEnergy, KillDisk, and Industroyer malware, as well as for attacks on government entities and corporations in Georgia in 2018.

The indicted Russian operatives are Sergey Vladimirovich Detistov, Yuriy Sergeyevich Andrienko, Pavel Valeryevich Frolov, Artem Valeryevich Ochichenko, Anatoliy Sergeyevich Kovalev, and Petr Nikolayevich Pliskin. Each has been charged with 7 counts, as follows:

  • one count of conspiracy to commit computer fraud and abuse
  • one count of conspiracy to commit wire fraud
  • one count of intentional damage to a protected computer
  • two counts of wire fraud
  • two counts of aggravated identity theft, including false registration of domain names

The maximum possible sentence if found guilty on all 7 counts is 71 years’ imprisonment. The indictment also includes details of the distinct role each defendant played in the attacks, confirming the specific nature of the intelligence gathered on each individual by intelligence agencies, foreign governments, law enforcement, and private firms.

Russia has responded by denying any involvement in the cyberattacks attributed to the hackers. A spokesperson for the Russian embassy in Washington said that Russia does not and did not have motives to engage in any sort of destabilizing action around the world.

It is unlikely that the charged attackers will ever face trial, because there is no extradition treaty between Russia and the United States.