The US has charged 6 Russian hackers over a series of global cyber-attacks, including trying to undermine UK efforts to hold Moscow accountable for the Salisbury spy poisoning.
The attacks may partly have been prompted by Russia’s 4-year ban for doping.
Mug shots of the men, aged between 27 & 35, were released on a poster with the words: “Wanted by the FBI”.
The announcement came as Britain accused Russian cyber spies of attacking the 2020 Olympics & Paralympics before they were postponed, & of posing as Chinese & N. Korean hackers to target the 2018 games.
Cynical & Reckless
Dominic Raab, UK Foreign Secretary, described the actions of Russia’s GRU military intelligence service as “cynical & reckless”.
The UK named the group it said was behind the attacks as the GRU’s ‘Main Centre for Special Technologies’, also known as ‘Unit 74455’.
This is the same group of hackers that supposedly targeted the 2016 US presidential election.
The US Justice Department (DoJ) said a Federal Grand Jury in Pittsburgh, PA returned an indictment charging 6 computer hackers, who are all allegedly members of Unit 74455.
It accused the hackers “& their co-conspirators” of cyber-attacks, including against the UK’s defence laboratory at Porton Down, & the UN’s chemical weapons watchdog in the Hague in April 2018, because both organisations investigated the poisoning of former Russian spy Sergei Skripal & his daughter Yulia in Salisbury.
The UK accused Russia, with clear evidence, of carrying out the nerve agent attack using a Novichok toxin.
One of the men – Anatoliy Sergeyevich Kovalev, 27 – was specifically accused of having developed “spearphishing techniques & messages used to target… employees of the DSTL,” referring to the UK’s Defence Science & Technology Laboratory (DSTL) at Porton Down.
The hackers were also charged with attacking the French Presidential Election in 2017. Then-presidential candidate Emmanuel Macron’s campaign was hit by a hack & leak attack just prior to polling day.
Also on the charge list was what is regarded as the world’s most devastating cyber-attack to date – the NotPetya attack against Ukraine in June 2017.
This attack went viral, hitting companies worldwide, including in the US & UK, & inflicting some $10b in damage.
“No country has weaponised its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages & to satisfy fits of spite,” US Assistant Attorney General for National Security John C. Demers commented.
“Today the Dept. has charged these Russian officers with conducting the most disruptive & destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”
Winter Olympic Games
Other attacks linked to this group included those against Georgia & the 2018 Pyeongchang Winter Olympic Games in S. Korea.
The suspects were named as Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; & Petr Nikolayevich Pliskin, 32.
Naming & issuing charges is still a huge distance from bringing anyone to trial. The suspects are allegedly Russian nationals living in Russia, so it is very unlikely they will be handed over to US prosecutors.
The indictment will prevent them from being able to travel to the US or to anywhere with which the US has an extradition agreement – a move that the US regards as having a ‘deterrent effect’ against anyone considering a future cyber-attack.
In another statement, the UK Foreign, Commonwealth & Development Office accused Russia of conducting “reconnaissance” against organisers of the 2020 summer games in Tokyo before the event was delayed because of the coronavirus pandemic.
Targets also included companies involved in logistics for the games as well as sponsors.
The games had been scheduled to take place from 23 July to 8 August, but were postponed in March until Summer 2021.
Details of the reconnaissance were not revealed, but it could involve things like setting up fake websites pretending to be a particular organisation, or perhaps creating accounts pretending to be a certain individual.
The aim could well have been to try & disrupt the global sporting bonanza at a time when Russia is banned from taking part for 4 years because of a doping scandal.
“The GRU’s actions against the Olympic & Paralympic Games are cynical & reckless. We condemn them in the strongest possible terms,” Mr Raab said in a statement.
“The UK will continue to work with our allies to call out & counter future malicious cyber-attacks.”
The timing of the release of the UK’s allegation is in part intended to raise awareness about the cyber threat, as organisers prepare to hold the delayed Olympics in Japan in 2021.
The UK Foreign Office also, for the 1st time, confirmed details about a 2018 cyber-attack on the Winter Olympic & Paralympic Games in Pyeongchang.
“The GRU’s cyber unit attempted to disguise itself as N. Korean & Chinese hackers when it targeted the opening ceremony of the 2018 Winter Games,” it observed.
“It went on to target broadcasters, a ski resort, Olympic officials & sponsors of the games in 2018. The GRU deployed data-deletion malware against the Winter Games IT systems & targeted devices across the Republic of Korea using VPNFilter.”
The Russian hackers’ alleged attempt to cover their tracks included using certain snippets of code & techniques to try to confuse investigators into thinking they were from China & N. Korea.
The UK’s National Cyber Security Centre (NCSC), a branch of GCHQ, believes Russia’s aim was to sabotage the running of the games, the UK Foreign Office observed.
It noted that the malware used by the hackers in the 2018 attack was designed to wipe data from, & disable, computers & networks.
GRU Unit 74455
“Administrators worked to isolate the malware & replace the affected computers, preventing potential disruption,” the UK Foreign Office further commented.
GRU Unit 74455 is also known by other names including Sandworm, BlackEnergy Group & Voodoo Bear.
The UK previously attributed other major cyber-attacks to the group, including the June 2017 NotPetya attack against financial, energy & govt. sectors in Ukraine.