The U.S. Department of Justice on Monday announced an indictment of six Russian nationals for an alleged four-year-long hacking campaign that included attacks against the 2017 French elections, the 2018 PyeongChang Winter Olympics in South Korea and other cyber attacks.
In a Monday press conference, Assistant Attorney General John C. Demers identified the six Russian nationals as intelligence agency hackers believed to belong to Unit 74455 of the Russian Main Intelligence Directorate (GRU), known as the Sandworm hacking team. The hacking efforts included spearphishing attempts targeting French President Emmanuel Macron prior to his election to office in 2017, and a malware attack on the 2018 Winter Olympics games, called the “Olympic Destroyer.”
Demers noted the hacking efforts targeting the 2018 Olympics came after Russia faced penalties for blood doping scandals in past Olympic contests and said the cyberattack on the 2018 games “combined the emotional maturity of a petulant child with the resources of a nation-state.”
The Russian hackers were also linked to the June 2017 NotPetya malware attacks, which targeted hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in estimated losses from the attacks.
The DOJ announcement included charges linking the group to malware attacks in 2015 and 2016 against Ukraine’s power grid; 2018 efforts to target the U.K. investigations into the Novichok nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens; hacking efforts in 2018 targeting media companies in the country of Georgia; and 2019 efforts against Georgia’s parliament.
“No country has weaponized its cyber-capabilities as maliciously and irresponsibly as Russia,” Demers said.
Describing Russia’s hacking efforts against the 2018 Olympics, Demers said the “Olympic Destroyer” malware attack deleted data from thousands of computers supporting the games and made them inoperable. He said the perpetrators tried to pin the attack on North Korea, but their effort failed and cybersecurity efforts eventually attributed the attack to the Sandworm team.
“Today’s allegations, in their entirety, provide a useful lens for evaluating Russia’s offer two weeks ago of a cyber ‘reset’ between Russia and the United States,” Demers said. “Russia is certainly right that technologically sophisticated nations that aspire to lead have a special responsibility to secure the world order and contribute to widely accepted norms, peace and stability. That’s what we’re doing here today. But this indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda.”
FBI Deputy Director David Bowdich said, “The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are.”