(TNS) — Federal prosecutors in
Pittsburgh have indicted a group of six Russian military intelligence officers, all current or former members of the
Russian Main Intelligence Directorate, or GRU, with computer intrusion attacks worldwide dating to 2015.
Among the victims in 2017 were
Heritage Valley Health System in
Western Pennsylvania, which spent $2 million to repair damage by the malware,
U.S. Attorney Scott Brady said at a Monday news conference in
Washington, D.C.
Mr. Brady and other officials said the Russian officers are part of the same unit that the
Justice Department said attempted to disrupt the 2016 election and the 2018
Olympics after Russian athletes had been banned for doping.
The
Justice Department said defendants, all former or current members of Unit 74455 based in
Moscow, unleashed the NotPetya malware. The attacks caused nearly $1 billion in losses to three victims alone that are mentioned in the indictment. In addition to Heritage Valley, they are
TNT Express B.V. (a FedEx subsidiary) and an unnamed
U.S. pharmaceutical maker that paid $500 million to fix the damage.
Officials said there are hundreds of other victims around the world.
The conspirators also are accused of using KillDisk and Industroyer to cause blackouts of the electric grid in
Ukraine, and Olympic Destroyer, which disrupted computers used to support the 2018 Winter Olympics in Pyeongchang,
South Korea.
The six defendants are charged with conspiracy against
the United States, computer hacking, identity theft and other counts related to malware attacks.
The case, investigated by the Pittsburgh
FBI and its counterparts in
Atlanta and
Oklahoma City, was handed up by a grand jury in
Pittsburgh under seal on
Oct. 15 and announced Monday by Assistant Attorney General John Demers , who was joined by Mr. Brady ,
FBI Deputy Director David Bowdich and Michael Christman , special agent in charge of the Pittsburgh
FBI office.
The defendants are Yuriy Sergeyevich Andrienko , 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov , 28; Anatoliy Sergeyevich Kovalev , 29; Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin , 32.
In addition to the NotPetya attacks on businesses and the hacking of Ukrainian institutions and the
Olympics, the indictment accuses the alleged conspirators of computer attacks on the French elections in 2017 and
April 2018 spear-phishing campaigns targeting investigations by the
Organisation for the Prohibition of Chemical Weapons in
the Netherlands and a
U.K. investigation into the poisoning of double agent Sergei Skripal, his daughter and several
U.K. citizens in
Salisbury, England.
The defendants also are accused of perpetrating the 2018 spear-phishing campaign that targeted a Georgian media company and a 2019 attack on the Georgian parliament and other Georgian entities.
"No country has weaponized its cyber capabilities as maliciously or irresponsibly as
Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," said Mr. Demers in announcing the charges at a video news conference.
Mr. Brady said that federal authorities have been working for two years to expose the Russian officers, saying the military officers carried out the most destructive cyberattacks in history.
"The crimes committed by Russian government officials were against real victims who suffered real harm," he said. "We have an obligation to hold accountable those who commit crimes -- no matter where they reside and no matter for whom they work -- in order to seek justice on behalf of these victims."
In the case of Heritage Valley, prosecutors said the NotPetya malware impaired the hospital's computers at its two hospitals, 60 offices and 18 community facilities. Mr. Brady said Heritage Valley lost its computer systems for cardiology, nuclear medicine, radiology and surgery for a week and its administrative systems for a month in 2017.
Federal agents were aided in the investigation by Google's
Threat Analysis Group,
Cisco's Talos Intelligence Group, Facebook and Twitter.
The case has been assigned to U.S. District Judge Robert Colville in
Pittsburgh.
One of the defendants, Mr. Kovalev , was previously charged in 2018 in the
District of Columbia with conspiring to hack computers connected to the 2016 U.S. election.
(c)2020 the Pittsburgh Post-Gazette. Distributed by Tribune Content Agency, LLC.