US DoJ Charges Six Russian GRU Officers For Cyberattacks

Hackers also targeted this year’s delayed Olympic Games in Tokyo, says UK, as the US DoJ charges six Russian military intelligence officers

British and US officials have revealed to the public the latest malicious cyber activities by Russia, with the US Department of Justice charging six Russian GRU officers.

The UK’s National Cyber Security Centre (NCSC) announced it had uncovered malicious cyber activity from Russia’s GRU military intelligence service against organisations involved in the 2020 Olympic and Paralympic Games, which were slated for summer 2020 before they were postponed due to the Coronavirus pandemic.

The UK also revealed details of Russia’s GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.

Russia GRU

“The National Cyber Security Centre (NCSC) assesses with high confidence that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear,” the GCHQ agency said.

It said that in the attacks against the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games.

The GRU also apparently deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.

“The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks,” the agency said. “Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption.”

Foreign Secretary Dominic Raab condemned the malicious cyber activity by Russia’s GRU.

“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless,” said Raab. “We condemn them in the strongest possible terms.”

“The UK will continue to work with our allies to call out and counter future malicious cyber attacks,” said Raab.

DoJ charges

Meanwhile, the US Department of Justice has officially charged six Russian GRU officers over the “worldwide deployment of destructive malware and other disruptive actions in cyberspace.”

The US DoJ said that all six GRU officers belonged to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

It named the defendants as Yuriy Sergeyevich Andrienko, aged 32; Sergey Vladimirovich Detistov, aged 35; Pavel Valeryevich Frolov, aged 28; Anatoliy Sergeyevich Kovalev, aged 29; Artem Valeryevich Ochichenko, aged 27; and Petr Nikolayevich Pliskin, aged 32.

They have all been charged in seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Each defendant is charged in every count.

The US DoJ said that these GRU hackers engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: Ukraine; Georgia; elections in France; efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating, as a consequence of a Russian government-sponsored doping effort.

The DoJ said the GRU’s attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.

“Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware,” said Demers. “No nation will recapture greatness while behaving in this way.”

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” added FBI Deputy Director David Bowdich.

“But this indictment also highlights the FBI’s capabilities,” said Bowdich. “We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them. As demonstrated today, we will relentlessly pursue those who threaten the United States and its citizens.”

Russian actions

The US indictment against the GRU officers comes after the United States and the United Kingdom, as well as Georgia, in February this year officially blamed the GRU for a massive cyberattack against Georgia.

In October 2019, thousands of websites in the former Soviet republic of Georgia were knocked offline in a widespread cyberattack. The attack also impacted national TV stations (Imedi and Maestro), as well as court websites.

Russia has previously been blamed for a cyberattack in December 2015 that left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours.

Then again in December 2016, Ukraine began an investigation after a cyberattack left the northern part of Kiev without power.

Again, Russia was identified as the culprit.

Another attack in June 2017 saw Ukrainian financial, energy and government sectors targeted, and then in October of that same year the Ukrainian metro and airport were also hit.