Six current and former Russian military officers have been charged for their roles in “the most destructive” cyber attacks “ever attributed to a single group,” including hacks targeting the French election, the 2018 Winter Olympics, the Ukrainian power grid, and several U.S. businesses, the Department of Justice announced Monday.
The indictment unsealed by the DOJ on Monday alleged the six men, all allegedly linked to the Russian military agency known as the GRU, engaged in a series of hacking and malware deployment operations between 2015 and 2019. While many of these hacking efforts have been previously uncovered, the indictment is the first time federal prosecutors have specifically accused Russian hackers of engaging in cyberattacks “to support Russian government efforts to undermine, retaliate against or otherwise destabilize” Ukraine, Georgia, the 2017 elections in France, the 2018 PyeongChang Olympics, and international efforts to hold the country accountable for its use of the nerve agent Novichok.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” Assistant Attorney General for National Security John C. Demers said Monday, adding that the attacks were “the most disruptive and destructive series of computer attacks ever attributed to a single group. No nation will recapture greatness while behaving in this way.”
The alleged hackers have been identified as Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and 32-year-old Petr Nikolayevich Pliskin. All six have been charged with several counts, including conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
“For more than two years we have worked tirelessly to expose these Russian GRU officers who engaged in a global campaign of hacking, disruption, and destabilization, representing the most destructive and costly cyber-attacks in history,” U.S. Attorney Scott W. Brady for the Western District of Pennsylvania said Monday.
The 50-page indictment filed in Pittsburgh states the group worked for Unit 74455 of the Russian Main Intelligence Directorate—or the GRU. The group used the “world’s most destructive malware to date,” including Killdisk, Industroyer, and NotPetya. Prosecutors state that Killdisk and Industroyer were used to crash Ukraine’s power grid in Dec. 2015, which left hundreds of thousands of residents without electricity just before Christmas.
The same hackers are accused of being behind the NotPetya global ransomware attack in 2017, which caused nearly $1 billion in damages to three victims named in the indictment (including a health-care system). The same malware was allegedly used a year later in an attack designed to knock out the internet during the opening ceremony of the 2018 PyeongChang Winter Olympics in South Korea.
The group, prosecutors allege, is also responsible for the “hack-and-leak” operation targeting the French 2017 presidential election and for targeting British authorities investigating the poisoning of a former Russian intelligence operative with a nerve agent.
“The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes—no matter where they reside and no matter for whom they work—in order to seek justice on behalf of these victims,” Brady added on Monday. The U.S. Attorney added that the shared democratic ideals of the targeted countries mean they are all “targets” of Russia, which “will stop at nothing to destroy those ideals and instill a sense of instability in its adversaries.”
The Department of Justice also noted Monday that several members of the group—including Kovalev—have been previously charged for their roles in Russian efforts to interfere in the 2016 U.S. election.
The indictment unsealed Monday, however, does not charge the men in connection with interference in the 2016 U.S. presidential election.
“Today’s allegations in their entirety provide a useful lens for evaluating Russia's offer two weeks ago for a reset in cyber relations between Russia and the United States,” Demers said Monday.