By Christina Carrega | CNN
Six Russian military officers were charged on Monday for hacking into software using destructive malware to black out thousands of computers and cause nearly $1 billion in losses, actions that the Justice Department says were intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize worldwide computer networks.
The alleged hackers are officers of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces, the Justice Department said.
Prosecutors said they attacked Ukraine; the country of Georgia; elections in France; efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of a Russian government-sponsored doping effort.
The United States District Court for the Western District of Pennsylvania issued a federal arrest warrant for each of these defendants upon the grand jury’s return of the indictment.
“The defendants and their co-conspirators caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the United States,” prosecutors said.
They are all charged in seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
One of the pieces of malware developed by the hackers took down the medical systems of Heritage Valley in Pennsylvania, prosecutors said.
From November 2015 to October 2019, “their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics,” prosecutors said.
The NotPetya malware, for example, spread worldwide, damaged computers used in critical infrastructure, and caused enormous financial losses. Those losses were only part of the harm, however. For example, the NotPetya malware impaired Heritage Valley’s provision of critical medical services to citizens of the Western District of Pennsylvania through its two hospitals, 60 offices, and 18 community satellite facilities.
The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records. Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety.
Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32, face a maximum sentence of 27 years in prison for wire fraud.
They are wanted and assumed to be in Russia.
Prosecutors said Kovalev allegedly developed “spearphishing techniques and messages” to target En Marche! officials; employees of the DSTL; members of the IOC and Olympic athletes; and employees of a Georgian media entity.
Kovalev was previously charged in a 2018 federal indictment in Washington, DC, with conspiring to gain unauthorized access into the computers of US persons and entities involved in the administration of the 2016 US elections.
British officials said the GRU hackers had also conducted “cyber reconnaissance” operations against organizers of the 2020 Tokyo Games, which were originally scheduled to be held this year but postponed because of the coronavirus outbreak.
The officials declined to give specific details about the attacks or whether they were successful, but said they had targeted Games organizers, logistics suppliers and sponsors.
British Foreign Secretary Dominic Raab said: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.”
FBI Deputy Director David Bowdich said: “The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are.”
Russia was banned from the world’s top sporting events for four years in December over widespread doping offenses, including the Tokyo Games which were originally scheduled for this year but postponed due to the coronavirus outbreak.
The attacks on the 2020 Games are the latest in a string of hacking attempts against international sporting organizations that Western officials and cybersecurity experts say have been orchestrated by Russia since its doping scandal erupted five years ago. Moscow has repeatedly denied the allegations.
Reuters contributed to this report.