The US Department of Justice has unsealed charges today against six Russian nationals believed to be part of one of Russia's most elite and secretive hacking groups, universally known as Sandworm.
All six nationals are officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the Russian Army, DOJ officials said today.
US officials said that the six (believed to be part of a much larger group), acting under orders from the Russian government, conducted cyber-attacks with the intent to destabilize other countries, interfere in their internal politics, and cause havoc and monetary losses.
Their attacks span the last decade and include some of the biggest cyber-attacks known to date:
- Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine's electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
- French Elections: April and May 2017 spearphishing campaigns and related hack-and-leak efforts targeting French President Macron's "La République En Marche!" ("En Marche!") political party, French politicians, and local French governments prior to the 2017 French elections;
- Worldwide Businesses and Critical Infrastructure (NotPetya): June 27, 2017, destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System ("Heritage Valley") in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express BV; and a large US pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;
- PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and