The Justice Department unsealed an indictment Monday accusing six Russian military officers of orchestrating a string of cyberattacks targeting U.S. businesses, French elections and the 2018 Winter Olympics.
The indictment labels the defendants as current or former members of Unit 74455 of Russia’s Main Intelligence Directorate of the General Staff of the Armed Forces, also known as the GRU – the same entity blamed for interfering in the 2016 U.S. presidential election.
Known by some cybersecurity experts as the “Sandworm Team,” the six GRU officers named in the indictment face federal charges of conspiracy, computer hacking, wire fraud, aggravated identity theft and false registration of a domain name.
U.S. officials accuse them of infecting computers worldwide with malware known as NotPetya, including hospitals and medical facilities in Pennsylvania, a FedEx subsidiary and an American pharmaceutical manufacturer. Those companies suffered nearly $1 billion in losses as a result, prosecutors say.
The Russian officers also allegedly aided a hack-and-leak operation in the days leading up to the 2017 French elections, launched a phishing campaign against partners of the 2018 Winter Olympics in South Korea, and carried out attacks on Ukraine’s electrical power grid in 2015 and 2016.
Each campaign to infiltrate the various targets began months or even a year in advance of the attacks. Phishing campaigns against Olympic officials, for example, allegedly began a month before the Russian Olympic Committee and its president were suspended from the games.
Hackers constructed emails that appeared to have been sent from Olympic officials to partners of the games, asking information technology officials for a recovery key to be entered on each of their laptops after the machines unexpectedly rebooted, the indictment states.
“These events were caused by the conspirators’ widespread deployment of malware, which cybersecurity researchers later named ‘Olympic Destroyer,’” the indictment states. “As a result, thousands of computers used by IT Company 1 and the PyeongChang Organizing Committee were compromised.”
The Russian nationals charged in the indictment are further accused of targeting international investigations into the poisoning of former spy Sergei Skripal and his daughter in Britain two years ago. They also launched hacking campaigns against a major media company in the Eastern European country of Georgia and the Georgian Parliament, according to the Justice Department.
John Demers, assistant attorney general for the Justice Department’s National Security Division, said in a statement Monday the indictments “provide a useful lens” to examine Russian President Vladimir Putin’s late September promise to reset the Russia-U.S. cyber relationship.
Russia was right to note technologically advanced nations have a responsibility to “secure the world order and contribute” to “peace and stability,” he said.
“But this indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda,” Demers said.