Tuesday, 20 October 2020 09:31

US charges six Russians with being behind numerous computer intrusions

The US has charged six Russians, all officers in Unit 74455 of the Russian Main Intelligence Directorate, or GRU, with participating in intrusions into computer systems in a number of countries.

In a statement, the Department of Justice claimed the six had acted against Ukraine, Georgia, elections in France, efforts to hold Russia accountable for use of a nerve agent in another country, and the 2018 PyeongChang Winter Olympics.

The DoJ said: "The charges contained in the indictment are merely accusations, however, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt."

Google and its Threat Analysis Group, Cisco and its Talos Intelligence Group, Facebook and Twitter assisted in the investigation.

The statement said the attacks had been spread over the period November 2015 to October 2019.

It provided the following details:

  • Ukrainian government and critical infrastructure: From December 2015 through December 2016, there were destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
  • French elections: Between April and May 2017, spearphishing campaigns and related infiltrate-and-leak efforts targeted French President Emmanuel Macron’s political party, French politicians, and local French governments before the 2017 French elections;
  • Worldwide businesses and critical infrastructure: On 27 June 2017, attacks infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System in the western district of Pennsylvania; a FedEx Corporation subsidiary, TNT Express; and a large US pharmaceutical manufacturer, which together suffered nearly US$1 billion (A$1.4 billion) in losses from the attacks;
  • PyeongChang Winter Olympics hosts, participants, partners and attendees: From December 2017 through February 2018, spearphishing campaigns and malicious mobile applications targeted South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee officials;
  • PyeongChang Winter Olympics IT systems: From December 2017 through February 2018, intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games culminated in a 9 February 2018 attack against the opening ceremony, using malware known as Olympic Destroyer;
  • Novichok poisoning investigations: From April 2018 spearphishing campaigns targeted investigations by the Organisation for the Prohibition of Chemical Weapons and the UK Defence Science and Technology Laboratory into the nerve agent poisoning of Sergei Skripal, his daughter, and several UK citizens; and
  • Georgian companies and government entities: A 2018 spearphishing campaign targeted a major media company, a 2019 effort was made to compromise the parliament network, and a wide-ranging website defacement campaign was carried out in 2019.

The statement said cyber security researchers had tracked the six and their activity using the labels Sandworm Team, Telebots, Voodoo Bear and Iron Viking.


"No country has weaponised its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," said Assistant Attorney-General for National Security, John C. Demers.

“Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”

FBI deputy director David Bowdich said: “The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are.

“But this indictment also highlights the FBI’s capabilities. We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them. As demonstrated today, we will relentlessly pursue those who threaten the US and its citizens.”

Asked for his take on the charges, former NSA hacker Jake Williams said: "I think the timing of the announcement is interesting. I don't believe for a minute that it's any coincidence that we're seeing a tough-on-Russia move immediately before the election.

"That said, I'm not sure whether the indictments are timed to help the president [Donald Trump] or if they are an effort by the DoJ to salvage some reputation in the apparently increasingly likely chance that [Democrat candidate Joe] Biden wins.

"From a technology standpoint, I'm not sure there's really much in the indictment that wasn't already publicly known. Perhaps the most interesting part is the confirmation that a Russian APT tried to camouflage themselves as North Korean actors."

Chester Wisniewski, principal research scientist at Sophos, said the indictments were an interesting development in attempts by Western governments to rein in foreign adversary attacks.

"Sandworm has operated for more than 10 years and has played nearly every card in the attacker playbook," he said.

"They are accused of having used spearphishing, document exploits, password stealers, living-off-the-land tools, supply chain hijacking and destructive wipers, and have even pretended to be ransomware in efforts to create false flags for investigators. They have been a noisy operation and many of us have been expecting this day to come for some time."

Wisniewski, who has been working in the security sphere for a long time, added: "Another result of this noisiness is they have inadvertently popularised sophisticated nation-state level tactics to be copied by everyday criminals.

"While they did not pioneer all these methods, they certainly perfected them and exposed their usefulness in breaching organisations' defences. Considering the accused are members of the GRU, they are unlikely to ever be arrested. Three of the accused were previously indicted for other crimes and these indictments might prove to embolden them rather than curb their behaviour.

"We're no safer than we were yesterday, and we need to continue to bolster our defences to be prepared for Sandworm or any of the garden variety criminals they have inspired. Were they to be arrested, their replacements are already in training and the relentless thirst of nation-states to compromise and interfere with their adversaries goes undeterred."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.