Notpetya, Olympics hacking, Novichok probe meddling... America throws the book at six alleged Kremlin hackers
While the UK says Russia probed 2020 Games systems, too
Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings.
Today, the US government claimed the alleged team of cyber-spies:
- Unleashed the file-scrambling ransomware NotPetya that in 2017 infected computers worldwide, from hospitals and an American pharmaceutical manufacturer to FedEx, TNT, and others, causing an estimated $1bn in damages.
- Targeted South Koreans, athletes, International Olympic Committee officials, and more, with spear-phishing and malicious mobile apps in the run-up to the 2018 Winter Olympics in Pyeongchang, South Korea. In February that year, the team infected and brought down Winter Olympics IT systems with the Olympic Destroyer malware, it is also claimed. Prosecutors said these actions were in retaliation for Russia being banned from the games due to its athletes' state-sanctioned use of performance-enhancing drugs.
- Spear-phished experts at the international Organisation for the Prohibition of Chemical Weapons and the UK's Defence Science and Technology Laboratory, who were investigating the Novichok nerve-agent poisoning of Sergei Skripal, his daughter Yulia, and others on English soil in 2018. Britain blamed Russia for the poisonings, which killed a woman named Dawn Sturgess.
- Launched "destructive malware attacks" against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service between December 2015 and December 2016 using software nasties BlackEnergy, Industroyer, and KillDisk.
- Hacked French President Macron’s political party, French politicians, and local French governments ahead of the country's 2017 elections, and then leaked the documents stolen in those intrusions.
- And spear-phished a major media company in the post-Soviet republic of Georgia, and at least tried to hack into the country's parliamentary networks.
All six Russians have been charged [PDF] in the United States with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. They are said to be members of unit 74455 in the GRU, Russia's military intelligence operation. That unit is believed to be part of a team known as APT28 and Fancy Bear. The six men are:
- Yuriy Sergeyevich Andrienko, 32: Said to have developed components of the NotPetya and Olympic Destroyer malware.
- Sergey Vladimirovich Detistov, 35: Said to have developed components of the NotPetya malware, and prepared spear-phishing campaigns targeting the 2018 Pyeongchang Winter Olympic Games.
- Pavel Valeryevich Frolov, 28: Said to have developed components of the KillDisk and NotPetya malware.
- Anatoliy Sergeyevich Kovalev, 29: Said to have developed spear-phishing techniques and messages used to target the French elections, Britain's Novichok investigators, Olympic athletes and officials, and Georgian media.
- Artem Valeryevich Ochichenko, 27: Said to have spear-phished 2018 Pyeongchang Winter Olympic Games partners, and conducted technical reconnaissance of the Parliament of Georgia and attempted to gain unauthorized access to its network.
- Petr Nikolayevich Pliskin, 32: Said to have developed components of the NotPetya and Olympic Destroyer malware.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” thundered America's Assistant Attorney General for National Security John Demers in a canned statement.
“Today the Justice Department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”
Meanwhile, on the other side of the Atlantic...
This all comes at the same time British intelligence revealed Russian government hackers probed the computer security of the 2020 Olympics, due to be held in Tokyo this summer until the pandemic forced its postponement.
We're told the snoops "conducted cyber reconnaissance against officials and organisations at the 2020 Olympic and Paralympic Games," and that the "targets included the Games’ organisers, logistics services and sponsors." These are the same hackers who hit the 2018 Games in South Korea with file-wiping malware, and made it appear North Korea was behind that particular intrusion, the Brits said.
Back in 2018, the GRU hackers deployed “data deletion” software onto “targeted devices across the Republic of Korea using VPNFilter,” British officials said, referring to that Kremlin-linked malware. The hackers also attacked broadcasters and a ski resort, it is claimed.
It seems the Kremlin began targeting world sporting agencies after it became obvious that its doping campaign would lead to the nation's athletes being banned from competing internationally for years for cheating.
Foreign Secretary Dominic Raab said in a canned statement: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms. The UK will continue to work with our allies to call out and counter future malicious cyber attacks.”
Today’s attribution by the British largely mirrors one made two years ago against the same Russian unit.
Interestingly, Russian antivirus firm Kaspersky identified in 2018 that APT28’s Olympic Destroyer malware didn’t originate from North Korea as first thought, something NCSC and Uncle Sam have now echoed. At the time Kaspersky guessed it may have been APT28 though wasn’t confident enough to state that as a fact.
Although all of this latest finger-pointing clearly will have little or no deterrent effect against state-backed hackers in authoritarian countries – and there is no way Russia is going to hand over the charged men to the United States – one potential benefit is signalling to allies that Britain and the US, to an extent, are not shying away from confronting Russia.
It also tells the world that a nation of red-faced cheats is now trying to plow the sports field, so to speak, and ruin everyone's fun. ®