Six Russian military intelligence officers have been charged in the United States with carrying out cyber attacks on Ukraine’s electricity grid, the French elections in 2017 and the 2018 Winter Olympics, the Ministry of Justice announced on Monday.
The six GRU agents were also accused of staging a malware attack called “NotPetya” that infected computers from companies around the world causing nearly $ 1 billion. Dollar losses in three U.S. companies alone.
In addition, they have allegedly targeted international investigations into nerve poisoning of Russian former double agent Sergei Skripal and his daughter and carried out cyber attacks on the media and parliament in Georgia.
Assistant Attorney General John Demers said the six were responsible for “the most disruptive and destructive series of computer attacks ever attributed to a single group.”
Demers said members of the same GRU unit have previously been accused of seeking to disrupt the 2016 U.S. election – but there were “no (2020) allegations of election interference” in this indictment.
Charges against the six, none of whom are in U.S. custody, were filed by a federal grand jury in Pittsburgh, Pennsylvania, where hospitals were allegedly targeted by NotPetya hackers.
The charges include conspiracy to commit fraud and misuse of computers, conspiracy to commit wire fraud, wire fraud, damage to protected computers and gross identity theft.
Demers said the defendants launched destructive malware attacks on the power grid in Ukraine in December 2015 and December 2016.
“These were the first reported destructive malware attacks on civilian critical infrastructure control systems,” he said.
“These attacks turned off the light and turned off the heat in the middle of the Eastern European winter, when hundreds of thousands of Ukrainian men, women and children became dark and cold.”
The Justice Department said it conducted “hack-and-leak” campaigns against French President Emmanuel Macron’s political party and local French governments ahead of the 2017 election.
Demers said the 2018 PyeongChang Winter Olympics in South Korea were targeted after Russian athletes were banned from participating under their own flag due to government-backed doping efforts.
“Their cyberattack combined the emotional maturity of a petulant child with the resources of a nation state,” he said, adding that they were trying to pin it to North Korea.
“During the opening ceremony, they launched the malware attack ‘Olympic Destroyer’, which deleted data from thousands of computers supporting the games, rendering them useless,” he said.
The 2017 NotPetya attacks targeted companies and critical infrastructure worldwide, and U.S. targets included hospitals, a subsidiary of supply giant FedEx and a pharmaceutical manufacturer.
In April 2018, spearphishing campaigns were launched against investigations into Skripal poisoning by the Organization for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom Defense Science and Technology Laboratory (DSTL).
In Georgia, a spearphishing campaign was launched in 2018 against a major media company, and in 2019, attempts were made to compromise the computer network in the country’s parliament, according to the Ministry of Justice.
The six were identified as Yuriy Sergeyevich Andrienko, 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.
Kovalev was previously charged in 2018 with attempting to gain access to U.S. computers involved in the administration of the 2016 U.S. election.