US Charges Russian Hackers Over Ukraine Power Outages & NotPetya

The U.S. Justice Department has filed charges against six Russian intelligence officials for their alleged involvement in orchestrating some of the most damaging malware attacks globally. These attacks include a 2015 disruption of the Ukrainian power grid and the widespread NotPetya ransomware incident of 2017.

According to prosecutors, the group of hackers, associated with Russia’s GRU, is responsible for what they describe as the most consistently disruptive and destructive series of cyberattacks ever linked to a single entity.

John Demers, the U.S. assistant attorney general for national security, stated that Russia has uniquely and recklessly utilized its cyber capabilities, causing extensive damage for limited gains and motivated by malicious intent. He emphasized that no nation can achieve lasting prominence while engaging in such behavior, and that the department has brought charges against these Russian officers for carrying out a series of exceptionally damaging computer attacks, including the deployment of NotPetya malware.

The indictment details accusations that the hackers developed and deployed attacks utilizing KillDisk and Industroyer (also referred to as Crash Override) to target Ukraine’s power infrastructure. This resulted in hundreds of thousands of customers losing electricity just days before Christmas.

Prosecutors further allege the hackers were responsible for the NotPetya attack, a global ransomware event in 2017 that resulted in billions of dollars in financial losses.

The group is also accused of employing Olympic Destroyer, a tool designed to disable internet connectivity during the opening ceremony of the 2018 PyeongChang Winter Olympics in South Korea.

The six hackers are also implicated in attempts to interfere with the 2017 French elections through a “hack and leak” campaign aimed at discrediting Emmanuel Macron, then a leading presidential candidate. Additionally, they are accused of spearphishing attacks targeting the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defense Science and Technology Laboratory, which were investigating the use of the Novichok nerve agent in Salisbury, U.K. in 2018, as well as attacks against entities within Georgia.

John Hultquist, a senior director at FireEye’s Mandiant threat intelligence unit, characterized the charges as encompassing a significant number of the most prominent cyberattack incidents observed to date.

The individuals charged are identified as Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32. Each faces seven counts related to conspiracy to hack, commit wire fraud, and inflict computer damage.

The accused are presumed to be located in Russia. However, the indictment is intended as a public identification and condemnation of their actions, a strategy frequently used by the Justice Department when arrests or extraditions are unlikely.