Six Russian military intelligence officers have been charged in the United States with carrying out cyberattacks on Ukraine’s power grid, the 2017 French elections and the 2018 Winter Olympic Games, the Justice Department announced on Monday.
The six GRU agents were also accused of staging a malware attack called “NotPetya” that infected computers of businesses worldwide, causing nearly $1 billion in losses to three US companies alone.
In addition, they allegedly targeted international investigations into the nerve agent poisoning of Russian former double agent Sergei Skripal and his daughter, and waged cyberattacks on media outlets and parliament in Georgia.
Assistant Attorney General John Demers said the six were responsible for “the most disruptive and destructive series of computer attacks ever attributed to a single group.”
Demers said members of the same GRU unit have been charged previously with seeking to disrupt the 2016 US elections — but there were “no (2020) election interference allegations” in this indictment.
The indictment of the six, none of whom are in US custody, was brought by a federal grand jury in Pittsburgh, Pennsylvania, where hospitals were allegedly targeted by the NotPetya hackers.
The charges include conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
Demers said the defendants launched destructive malware attacks against the electric power grid in Ukraine in December of 2015 and December of 2016.
“These were the first reported destructive malware attacks against the control systems of civilian critical infrastructure,” he said.
“These attacks turned out the lights and turned off the heat in the middle of the Eastern European winter, as the lives of hundreds of thousands of Ukrainian men, women and children went dark and cold.”
The Justice Department said the defendants conducted “hack-and-leak” campaigns against French President Emmanuel Macron’s political party and local French governments prior to the 2017 elections.
Demers said the 2018 PyeongChang Winter Olympics in South Korea were targeted after Russian athletes were banned from participating under their own flag because of government-sponsored doping efforts.
“Their cyber attack combined the emotional maturity of a petulant child with the resources of a nation state,” he said, adding that they attempted to pin it on North Korea.
“During the opening ceremony, they launched the ‘Olympic Destroyer’ malware attack, which deleted data from thousands of computers supporting the Games, rendering them inoperable,” he said.
The 2017 NotPetya attacks were aimed at businesses and critical infrastructure worldwide, and US targets included hospitals, a subsidiary of delivery giant FedEx and a pharmaceutical manufacturer.
In April 2018, spearphishing campaigns were launched against the investigations into the Skripal poisoning being carried out by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL).
In Georgia, a spearphishing campaign was launched in 2018 against a major media company, and in 2019 efforts were made to compromise the computer network of the country’s parliament, according to the Justice Department.
The six were identified as Yuriy Sergeyevich Andrienko, 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.
Kovalev was indicted previously, in 2018, for attempting to gain access to US computers involved in the administration of the 2016 US elections.