Russian Intelligence Officers Charged with Multiple Cyber Crimes

By Kayla Deruiter on October 28, 2020

Executive Summary:

On Monday, October 19th, 2020, the United States charged six Russian Intelligence Officers associated with unit 74455 of the Russian Main Intelligence Directorate (GRU). These individuals were charged for “destructive malware attacks” intended to disrupt and sabotage other countries and cause monetary loss. All six men were charged with multiple counts of conspiracy to commit computer fraud, wire fraud, unauthorized access to protected computers, and identity theft. The attacks these individuals are accused of include the spear-phishing campaign against the 2018 Winter Olympic Games and damage to computer networks across multiple countries. Other countries have also accused this group of attacks, and this is not the first time the U.S. has charged GRU personnel for conducting computer attacks on U.S. organizations and individuals.

Open Source Intelligence (OSINT) Details:

The six individuals charged this past Monday for their multiple cyber-attacks are Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin [2]. All are members of Russia’s Main Intelligence Directorate, also known as the GRU, and deployed malware in different countries, including the U.S., from November 2015 until October 2019 [2]. These attacks were carried out in support of Russian efforts to strike back at and damage foreign nations around the world. The prosecutor involved in this case says, “The object of the conspiracy was to deploy destructive malware and take other disruptive actions, for the strategic benefit of Russia, through unauthorized access (‘hacking’) of victim computers.” [3] A 50-page indictment unsealed in court contains a detailed description of the group’s malware attacks over the years, making this one of the most disruptive hacking campaigns carried out by a single group [3].

These six individuals were allegedly behind some major cyber-attacks around the world. One was the malware attack on Ukraine’s electric grid in 2015 and 2016, which temporarily disrupted electricity to consumers [1]. Another was the 2017 French election, where they obtained information from President Emmanuel Macron’s political party and leaked it during the election [2]. They also hacked into computers for the 2018 Winter Olympics held in South Korea, from which Russia had been banned over a scandal, and deployed the malware known as NotPetya against U.S. businesses and organizations, causing a $10 billion loss in the country and hitting hospitals and medical facilities in the U.S. [2]. They have also been accused of being involved in the 2016 U.S. presidential election, but this is not included in their indictment [3]. Security researchers have tracked this group under labels such as “Sandworm Team”, “Telebots”, “Voodoo Bear”, and “Iron Viking” [4]. The chart below shows which attacks each individual was involved in over the years:

[Chart: each individual’s involvement in the attacks by year, from source 2]

Potential Impact:

When the U.S. and other countries identify and charge these individuals, it gives us more information about their employer and the cyber-attack methods used by the group. The FBI has warned about Russia’s cyber capabilities, and this incident proves how much damage they can do. More attacks are inevitable, but the U.S. can now better defend against and mitigate them since some of the group’s techniques are already known. After the indictment of these Russian Intelligence Officers, I predict that Russia will continue its attacks with its many other spies and find new techniques that are not yet known.

Significance:

The Russian intelligence community constantly poses a threat to foreign governments, targeting large organizations and companies mostly to disrupt networks and cause damage. The individuals involved in this case were working for a military intelligence agency known as the GRU. Recruits such as these individuals are trained for years at the Russian Defense Ministry’s Military Academy in Moscow. They are placed all over the world to exploit governments and organizations. Many more individuals involved with this group have yet to be exposed, so our intelligence agencies and cyber defenders need to stay vigilant against attacks and potential threats.

Sources:

  1. Greenberg, A. (2017, June 12). Crash Override Malware Took Down Ukraine’s Power Grid Last December. Retrieved October 21, 2020, from https://www.wired.com/story/crash-override-malware/
  2. Lakshmanan, R. (2020, October 20). U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks. Retrieved October 21, 2020, from https://thehackernews.com/2020/10/russian-hackers.html
  3. Quinn, M. (2020, October 19). U.S. charges 6 Russian military officers for cyberattacks targeting 2018 Olympics, French elections. Retrieved October 21, 2020, from https://www.cbsnews.com/news/russian-military-officers-hacking-cyber-attacks-charged/
  4. Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace. (2020, October 19). Retrieved October 22, 2020, from https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and