Tuesday, 20 October 2020 09:31

US charges six Russians with being behind numerous computer intrusions


The US has charged six Russians, all officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), with participating in intrusions into computer systems in a number of countries.

In a statement, the Department of Justice claimed the six had acted against Ukraine, Georgia, elections in France, efforts to hold Russia accountable for use of a nerve agent in another country, and the 2018 PyeongChang Winter Olympics.

The DoJ said: "The charges contained in the indictment are merely accusations, however, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt."

Google (including its Threat Analysis Group), Cisco (including its Talos Intelligence Group), Facebook and Twitter assisted in the investigation.

The statement said the attacks had been spread over the period November 2015 to October 2019.

It provided the following details:

  • Ukrainian government and critical infrastructure: From December 2015 through December 2016, there were destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
  • French elections: Between April and May 2017, spearphishing campaigns and related infiltrate-and-leak efforts targeted French President Emmanuel Macron’s political party, French politicians, and local French governments before the 2017 French elections;
  • Worldwide businesses and critical infrastructure: On 27 June 2017, attacks infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System in the western district of Pennsylvania; a FedEx Corporation subsidiary, TNT Express; and a large US pharmaceutical manufacturer, which together suffered nearly US$1 billion (A$1.4 billion) in losses from the attacks;
  • PyeongChang Winter Olympics hosts, participants, partners and attendees: From December 2017 through February 2018, spearphishing campaigns and malicious mobile applications targeted South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee officials;
  • PyeongChang Winter Olympics IT systems: From December 2017 through February 2018, intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games culminated in a 9 February 2018 attack against the opening ceremony, using malware known as Olympic Destroyer;
  • Novichok poisoning investigations: From April 2018 spearphishing campaigns targeted investigations by the Organisation for the Prohibition of Chemical Weapons and the UK Defence Science and Technology Laboratory into the nerve agent poisoning of Sergei Skripal, his daughter, and several UK citizens; and
  • Georgian companies and government entities: A 2018 spearphishing campaign targeted a major media company, a 2019 effort was made to compromise the parliament network, and a wide-ranging website defacement campaign was carried out in 2019.

The statement said cyber security researchers had tracked the six and their activity using the labels Sandworm Team, Telebots, Voodoo Bear and Iron Viking.


“No country has weaponised its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney-General for National Security, John C. Demers.

“Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”

FBI deputy director David Bowdich said: “The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are.

“But this indictment also highlights the FBI’s capabilities. We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them. As demonstrated today, we will relentlessly pursue those who threaten the US and its citizens.”

Asked for his take on the charges, former NSA hacker Jake Williams said: "I think the timing of the announcement is interesting. I don't believe for a minute that it's any coincidence that we're seeing a tough-on-Russia move immediately before the election.

"That said, I'm not sure whether the indictments are timed to help the president [Donald Trump] or if they are an effort by the DoJ to salvage some reputation in the apparently increasingly likely chance that [Democrat candidate Joe] Biden wins.

"From a technology standpoint, I'm not sure there's really much in the indictment that wasn't already publicly known. Perhaps the most interesting part is the confirmation that a Russian APT tried to camouflage themselves as North Korean actors."

Chester Wisniewski, principal research scientist at Sophos, said the indictments were an interesting development in attempts by Western governments to rein in foreign adversary attacks.

"Sandworm has operated for more than 10 years and has played nearly every card in the attacker playbook," he said.

"They are accused of having used spearphishing, document exploits, password stealers, living-off-the-land tools, supply chain hijacking and destructive wipers, and have even pretended to be ransomware in efforts to create false flags for investigators. They have been a noisy operation and many of us have been expecting this day to come for some time."

Wisniewski, who has been working in the security sphere for a long time, added: "Another result of this noisiness is they have inadvertently popularised sophisticated nation-state level tactics to be copied by everyday criminals.

"While they did not pioneer all these methods, they certainly perfected them and exposed their usefulness in breaching organisations' defences. Considering the accused are members of the GRU, they are unlikely to ever be arrested. Three of the accused were previously indicted for other crimes and these indictments might prove to embolden them rather than curb their behaviour.

"We're no safer than we were yesterday, and we need to continue to bolster our defences to be prepared for Sandworm or any of the garden variety criminals they have inspired. Were they to be arrested, their replacements are already in training and the relentless thirst of nation-states to compromise and interfere with their adversaries goes undeterred."

Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
