Charges point to cyberattacks by Russia on Olympics, Ukraine
WASHINGTON — The United States on Monday unsealed criminal charges against six Russian intelligence officers in connection with some of the world’s most damaging cyberattacks, including disruption of Ukraine’s power grid and releasing a mock ransomware virus — NotPetya — that infected computers globally, causing billions of dollars in damage.
That group, authorities say, also hacked computers supporting the 2018 Winter Olympics in South Korea, hacked and leaked emails of individuals involved in French presidential candidate Emmanuel Macron’s campaign in 2017, and targeted the international and British organizations investigating the poisoning of a former Russian operative, Sergei Skripal, two years ago in Britain.
The alleged hackers are members of the same military intelligence agency — the GRU — previously charged in connection with efforts to interfere in the 2016 U.S. presidential campaign. But the new indictment does not charge them with U.S. election interference, and officials said the announcement was not timed to the current political schedule.
Rather, they stand accused of what Justice Department officials say is the single most disruptive and destructive series of cyberattacks ever attributed to one group. The indictment, like others before it, are an effort, officials say, to pull the veil back on how Moscow has sought to punish or retaliate against detractors of the Russian federation — whether they are former Soviet states, European nations or the United States.
“No country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages and to satisfy fits of spite,” Assistant Attorney General John Demers said in announcing the indictment.
One of those charged, 29-yearold Anatoliy Kovalev, was also indicted in 2018 by then-special counsel Robert S. Mueller
III as part of an alleged conspiracy to hack American election systems during the 2016 presidential contest.
Russian officials dismissed the development.
“The new allegations of cyberattacks aimed at interfering are another step to discredit Moscow,” Leonid Slutsky, chairman of the State Duma Committee on International Affairs, told the Interfax news agency. “Such statements have never been accompanied by strong evidence — it’s all in the category of ‘highly likely.’ ”
The charges read like a Top 10 list of cyberattacks and attempts, which authorities say were conducted by a team known as Unit 74455 and which cybersecurity researchers have dubbed the Sandworm Team.
In 2016, Unit 74455 worked in tandem with another GRU team, Unit 26165, to carry out the hack and leak of Democratic computers ahead of that year’s election in 2016. Unit 26165 conducted the intrusion, officials determined, while their colleagues at Unit 74455 set up a website, DC Leaks, to display hacked emails. The GRU also leaked the emails to WikiLeaks, whose disclosure drew far more attention than DC Leaks’.
Though officials said Monday’s indictment was not a specific warning to Moscow to avoid interfering in this year’s election, they said it serves as a “general” warning that such activities are not deniable. “Americans should be confident that a vote cast for their candidate will be counted for that candidate,” Demers said.
FBI Deputy Director David Bowdich said charges show that “time and again, Russia has made it clear they will not abide by accepted norms and instead they intend to continue their destructive and destabilizing cyber behavior.”
The timeline of Unit 74455’s activities dates back at least to 2015. According to the indictment, the alleged hackers unleashed wave after wave of computer attacks on Ukraine — a former Soviet state engaged in ongoing conflict with Russia and perennial target for Moscow.
In late 2015 and 2016, the alleged hackers launched computer attacks against Ukraine’s electric grid, officials said.
“These attacks turned out the lights and turned off the heat in the middle of the Eastern European winter, as the lives of hundreds of thousands of Ukrainian men, women and children went dark and cold,” Demers said.
In 2017, U.S. officials said, the Russian military launched a more costly attack against Ukraine, one that quickly spread to computer systems around the world. That malware, dubbed “NotPetya,” is considered by many security experts to be the most destructive cyberattack ever unleashed. Disguised as ransomware ostensibly demanding money, NotPetya acted more like a forest fire, torching computer networks as it spread and inflicting billions of dollars in damages.
It infected computers at dozens of hospitals, doctors’ offices and medical facilities in western Pennsylvania as well as a large drugmaker and a FedEx subsidiary, which collectively suffered nearly $1 billion in losses, officials said.