6 Russian Hackers Facing Allegations of Offensive Cyber Campaigns Such as the 2017 NotPetya Wiper Attacks

The U.S. Department of Justice issued a statement on the indictment of 6 Russian hackers for taking part in the 2017 NotPetya malware attacks and a long record of offensive cyber campaigns against many targets in the US and other nations around the world.

The six individuals are alleged to be members of the GRU, Russia’s Main Intelligence Directorate, and in particular of GRU Unit 74455, which is also known as Sandworm. The Sandworm unit is thought to be behind numerous offensive cyber activities carried out over many years.

Sandworm is believed to be a key player in efforts to influence foreign elections, including the French presidential election in 2017 and the U.S. presidential election in 2016. One of its most damaging offensive campaigns was the NotPetya malware attack in 2017. The NotPetya wiper was used in destructive attacks across the world that took advantage of the Microsoft Windows Server Message Block (SMBv1) vulnerability.

NotPetya impacted several medical clinics and hospitals. Data was wiped and computer systems were taken out of action. NotPetya hit the pharmaceutical firm Merck, FedEx subsidiary TNT Express and Danish shipping corporation Maersk. The cost of the attack on Merck was estimated at $1.3 billion. The total cost of the damage caused by the malware is over $10 billion, and more than 300 firms globally were affected.

Sandworm was likewise responsible for attempts to disrupt the 2018 Winter Olympics using the Olympic Destroyer malware. The hackers also attempted to disrupt the investigation of the Novichok poisoning of ex-Russian spy Sergei Skripal, which was being conducted by the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defense Science and Technology Laboratory.

Sandworm was likewise behind the damaging attacks on Ukraine’s energy grid and other government targets from December 2015 to December 2016 using the BlackEnergy, Industroyer and KillDisk malware, as well as attacks on government entities and corporations in Georgia in 2018.

The alleged Russian agents are Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Yuriy Sergeyevich Andrienko, Artem Valeryevich Ochichenko, Petr Nikolayevich Pliskin and Anatoliy Sergeyevich Kovalev. All of them were charged with 7 counts including:

  • one count of conspiracy to commit wire fraud
  • one count of conspiracy to commit computer fraud and abuse
  • two counts of wire fraud
  • one count of intentional damage to a protected computer
  • two counts of aggravated identity theft, with false registration of domain names

The maximum potential sentence if found guilty on all counts is 71 years in jail. The indictment also details the specific role each defendant played in the attacks, which attests to the precise nature of the intelligence obtained on each person by intelligence agencies, foreign governments, police authorities, and private organizations.

Russia has responded by denying any participation in the cyberattacks linked to the attackers. A Russian embassy spokesperson in Washington stated that Russia does not and did not have reasons to take part in any form of destabilizing activities around the globe.

It is all but impossible that the indicted hackers will ever face trial, because there is no extradition treaty between the United States and Russia.