What just happened? Sandworm, Russia's secretive yet elite hacking unit, is allegedly behind some of the worst cyberattacks in recent memory. Today, the United States Department of Justice charged six Russian intelligence officers believed to be part of this group with launching the "world's most destructive malware." Despite the indictment, it is unlikely these individuals will ever be brought to trial.
The six officers serve in Unit 74455 of Russia's military intelligence agency, the GRU, which security researchers track as Sandworm. Attacks attributed to this group include the December 2015 cyberattack on the Ukrainian power grid and the NotPetya attack in 2017, malware that posed as ransomware but was built to destroy systems.
The list of cyberattacks that these individuals were presumably part of is pretty extensive...
- The December 2015 and December 2016 destructive malware attacks against Ukraine's power grid, Ministry of Finance, and State Treasury Service, using malware called BlackEnergy, Industroyer, and KillDisk.
- The June 2017 worldwide NotPetya attack, which affected hospitals and other medical facilities along with shipping, pharmaceutical, and logistics companies.
- Spear phishing campaigns and related hack-and-leak efforts aimed at disrupting the 2017 French presidential election.
- The "Olympic Destroyer" malware launched against IT systems during the 2018 PyeongChang Winter Olympic Games. This was accompanied by a separate spear phishing campaign and malicious mobile applications targeting South Korean citizens, athletes, visitors, and Olympic officials.
- An April 2018 spear phishing campaign directed at the Organisation for the Prohibition of Chemical Weapons (OPCW) and the UK's Defence Science and Technology Laboratory, which were investigating the Novichok nerve agent poisoning of Sergei Skripal.
- A 2018 spear phishing campaign that targeted a major media company in the country of Georgia, 2019 efforts to compromise the Georgian Parliament's network infrastructure, and a wide-ranging website defacement campaign in Georgia in 2019.
The six officers named in the indictment are Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin. All of them are believed to reside in Russia, so this indictment mainly serves to name and shame them publicly. Russia is highly unlikely to hand over its own intelligence officers.
"For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyber-attacks in history," said U.S. Attorney Scott W. Brady for the Western District of Pennsylvania.
"The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes - no matter where they reside and no matter for whom they work - in order to seek justice on behalf of these victims."
Indeed, NotPetya was particularly damaging because it spread on its own inside corporate networks and knocked out hospitals, shipping, and manufacturing. Victims named in the indictment include Heritage Valley Health System in western Pennsylvania and FedEx's subsidiary TNT Express; Maersk and Merck were among the other widely reported casualties. NotPetya only posed as ransomware: it overwrote the hard drive's master boot record with its own bootloader, which then encrypted the master file table on reboot, and the "installation key" it displayed to victims was random data with no relation to the encryption key. Paying the ransom therefore could not recover the system, which is why it is generally classified as a wiper rather than ransomware.
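The MBR overwrite described above is something defenders can check for. The following is an added example, not code from the article or from any of the researchers or agencies it cites: it builds a known-good 512-byte boot sector in memory, records a baseline hash of its bootstrap code area, and flags a second, constructed sector whose bootstrap code has been replaced. Both sectors are synthetic test data; the "tampered" bootstrap bytes are an arbitrary stand-in, not malware.

```python
"""Boot-sector integrity check (added example; not part of the original article).

NotPetya overwrote the master boot record (MBR) of infected machines with its
own bootloader. A baseline hash of sector 0, captured from a known-good host,
lets an investigator or a scheduled agent detect that kind of tampering.
The disk sectors below are constructed in memory for illustration only.
"""
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def build_mbr(bootstrap: bytes, partitions: list[bytes]) -> bytes:
    """Assemble a 512-byte MBR: 446 bytes of bootstrap code, four 16-byte
    partition entries, and the 0x55AA boot signature."""
    assert len(bootstrap) <= 446 and len(partitions) <= 4
    code = bootstrap.ljust(446, b"\x00")
    table = b"".join(partitions).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


def partition_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """16-byte MBR partition entry (CHS fields zeroed; LBA fields used)."""
    status = b"\x80" if bootable else b"\x00"
    return (status + b"\x00\x00\x00" + bytes([ptype]) + b"\x00\x00\x00"
            + lba_start.to_bytes(4, "little") + sectors.to_bytes(4, "little"))


def bootstrap_hash(sector: bytes) -> str:
    """Hash only the bootstrap code area, which is what a bootkit replaces.
    The partition table is excluded so legitimate repartitioning does not
    trigger a false alarm."""
    return hashlib.sha256(sector[:446]).hexdigest()


def check_mbr(sector: bytes, baseline_bootstrap_hash: str) -> dict:
    """Return findings for one 512-byte sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    findings = {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "bootstrap_modified": bootstrap_hash(sector) != baseline_bootstrap_hash,
        "bootable_partitions": sum(1 for i in range(4)
                                   if sector[446 + 16 * i] == 0x80),
    }
    findings["suspicious"] = findings["bootstrap_modified"] or not findings["valid_signature"]
    return findings


# Constructed sample data: a "known good" MBR and one whose bootstrap code was
# replaced (stand-in for a malicious bootloader). Neither is real malware code.
GOOD_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100   # benign stub
EVIL_BOOTSTRAP = b"\xfa\x31\xc0\x8e\xd8" + b"\xcc" * 200          # different code

PARTITIONS = [partition_entry(True, 0x07, 2048, 409600)]          # one NTFS partition
GOOD_MBR = build_mbr(GOOD_BOOTSTRAP, PARTITIONS)
TAMPERED_MBR = build_mbr(EVIL_BOOTSTRAP, PARTITIONS)
BASELINE = bootstrap_hash(GOOD_MBR)   # captured from the known-good host

if __name__ == "__main__":
    for name, img in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(img, BASELINE))
```

On a real host the sector would be read from the raw disk device (for example `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux) with administrator rights, and the baseline hash should be stored off-box, since malware that rewrites the MBR can just as easily rewrite a locally stored hash.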
While this indictment is unlikely to result in arrests, you can read the full indictment here.