NotPetya, Olympics hacking, Novichok probe meddling... America throws the book at six alleged Kremlin hackers

While the UK says Russia probed 2020 Games systems, too


Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings.

Today, the US government claimed the alleged team of cyber-spies:

  • Unleashed NotPetya, the disk-wiping malware disguised as file-scrambling ransomware that in 2017 infected computers worldwide, from hospitals and an American pharmaceutical manufacturer to FedEx, TNT, and others, causing an estimated $1bn in damages.
  • Targeted South Koreans, athletes, International Olympic Committee officials, and more, with spear-phishing and malicious mobile apps in the run-up to the 2018 Winter Olympics in Pyeongchang, South Korea. In February that year, the team infected and brought down Winter Olympics IT systems with the Olympic Destroyer malware, it is also claimed. Prosecutors said these actions were in retaliation for Russia being banned from the games due to its athletes' state-sanctioned use of performance-enhancing drugs.
  • Spear-phished experts at the international Organisation for the Prohibition of Chemical Weapons and the UK's Defence Science and Technology Laboratory, who were investigating the Novichok nerve-agent poisoning of Sergei Skripal, his daughter Yulia, and others on English soil in 2018. Britain blamed Russia for the poisonings, which killed a woman named Dawn Sturgess.
  • Launched "destructive malware attacks" against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service between December 2015 and December 2016 using software nasties BlackEnergy, Industroyer, and KillDisk.
  • Hacked French President Macron's political party, French politicians, and local French governments ahead of the country's 2017 elections, and leaked the stolen documents.
  • And spear-phished a major media company in the post-Soviet republic of Georgia and at least tried to hack into its parliamentary networks.

All six Russians have been charged [PDF] in the United States with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. They are said to be members of unit 74455 in the GRU, Russia's military intelligence operation. Security researchers track that unit as Sandworm (also Telebots or Voodoo Bear); it is a separate outfit from GRU unit 26165, the team known as APT28 or Fancy Bear. The six men are:

  • Yuriy Sergeyevich Andrienko, 32: Said to have developed components of the NotPetya and Olympic Destroyer malware.
  • Sergey Vladimirovich Detistov, 35: Said to have developed components of the NotPetya malware, and prepared spear-phishing campaigns targeting the 2018 Pyeongchang Winter Olympic Games.
  • Pavel Valeryevich Frolov, 28: Said to have developed components of the KillDisk and NotPetya malware.
  • Anatoliy Sergeyevich Kovalev, 29: Said to have developed spear-phishing techniques and messages used to target the French elections, Britain's Novichok investigators, Olympic athletes and officials, and Georgian media.
  • Artem Valeryevich Ochichenko, 27: Said to have spear-phished 2018 Pyeongchang Winter Olympic Games partners, and conducted technical reconnaissance of the Parliament of Georgia and attempted to gain unauthorized access to its network.
  • Petr Nikolayevich Pliskin, 32: Said to have developed components of the NotPetya and Olympic Destroyer malware.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” thundered America's Assistant Attorney General for National Security John Demers in a canned statement.

“Today the Justice Department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”

Meanwhile, on the other side of the Atlantic...

This all comes at the same time British intelligence revealed Russian government hackers probed the computer security of the 2020 Olympics, due to be held in Tokyo this summer until the pandemic forced their postponement.

We're told the snoops "conducted cyber reconnaissance against officials and organisations at the 2020 Olympic and Paralympic Games," and that the "targets included the Games’ organisers, logistics services and sponsors." These are the same hackers who hit the 2018 Games in South Korea with file-wiping malware, and made it appear North Korea was behind that particular intrusion, the Brits said.

Back in 2018, the GRU hackers deployed “data deletion” software onto “targeted devices across the Republic of Korea using VPNFilter,” British officials said, referring to the GRU-linked malware that infected home and small-office routers and network storage boxes. The hackers also attacked broadcasters and a ski resort, it is claimed.

It seems the Kremlin began targeting world sporting agencies after it became obvious that its doping campaign would lead to the nation's athletes being banned from competing internationally for years for cheating.

Foreign Secretary Dominic Raab said in a canned statement: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms. The UK will continue to work with our allies to call out and counter future malicious cyber attacks.”

Today’s attribution by the British largely mirrors one made two years ago against the same Russian unit.

Interestingly, Russian antivirus firm Kaspersky showed in 2018 that Olympic Destroyer's apparent North Korean origin was a planted false flag: compiler metadata in the malware's executable had been forged to resemble that of the Lazarus Group's tools. NCSC and Uncle Sam have now echoed the conclusion that Pyongyang was framed. At the time Kaspersky suggested the GRU's APT28 may have been behind it, though the firm wasn't confident enough to state that as a fact; the US and UK now pin the operation on the GRU's unit 74455 instead.

Although this latest round of finger-pointing will clearly have little or no deterrent effect on state-backed hackers in authoritarian countries – and there is no way Russia is going to hand the charged men over to the United States – one potential benefit is the signal to allies that Britain and the US are, to an extent, not shying away from confronting Russia.

It also tells the world that a nation of red-faced cheats is now trying to plow the sports field, so to speak, and ruin everyone's fun. ®

Biting the hand that feeds IT © 1998–2022