US indicts Russian spies for spreading harmful malware, including in Ukraine

The United States has indicted a six-member team of Russian spies for creating and using destructive malware to damage the computers of hundreds of state institutions and private companies around the globe, including in Ukraine.

The Russian hackers have been charged with creating and deploying notorious malware such as BlackEnergy, KillDisk, Industroyer, Olympic Destroyer and NotPetya, the U.S. Department of Justice stated on Oct. 19.

The team of Russian agents — who work for the Russian GRU military intelligence agency — hacked Ukraine’s power grids and the Ministry of Finance and State Treasury in 2015–2016. They carried out other hacking attacks later in 2017.

These Russian agents were part of the notorious hacking group known as the Sandworm Team, also called Telebots, Voodoo Bear or Iron Viking. They are Yuriy Andrienko, 32; Sergey Detistov, 35; Pavel Frolov, 28; Anatoliy Kovalev, 29; Artem Ochichenko, 27; and Petr Pliskin, 32.

In December 2015, these hackers remotely accessed dozens of power distribution stations in Ukraine and disrupted their operation, causing massive power outages and leaving over 225,000 people without power. Almost a year later, hackers did the same in Kyiv, using malware called Industroyer.

In December 2016, the Russian hackers attacked the Finance Ministry and the State Treasury, disrupting about 150,000 electronic transactions — payments were postponed and the websites of the state bodies stopped working.

But the hardest blow was when the hackers deployed a ransomware called NotPetya in June 2017. NotPetya spread across the computers of numerous Ukrainian companies and government bodies, including the Cabinet of Ministers, the Infrastructure Ministry, and even the Chornobyl Nuclear Power Plant.

Although the attack seems to have been initially aimed at destabilizing Ukraine, the malware further spread to other countries, erasing data from computers of famous international brands. Pharma company Merck, for example, lost $870 million as a result of the attack. FedEx’s European subsidiary TNT Express lost $400 million.

The FBI, which took part in the investigation, estimates that the NotPetya attack was “one of the most destructive cyberattacks ever.” According to Tom Bossert, former Homeland Security advisor to U.S. President Donald Trump, the total damage was about $10 billion.

The team also hacked Georgian state entities and private firms and spread some of its malware across French state entities and political parties right before the 2017 presidential election there.

From December 2017 to February 2018, the hackers attacked computers of the PyeongChang Winter Olympics. The attacks took place after the International Olympic Committee found evidence that many Russian athletes violated the anti-doping system and consequently banned them from participating in the Olympics under Russia’s national flag.

There were many more attacks, including on the Organization for the Prohibition of Chemical Weapons and the United Kingdom’s Defense Science and Technology Laboratory, which investigated the poisoning of former Russian double agent Sergei Skripal, his daughter Yulia and several British citizens with the Novichok nerve agent in the British town of Salisbury.

According to the U.S. Department of Justice, the latest attack carried out by the hackers happened in October 2019.