Six Russian military officers have been charged in the US with carrying out ‘cynical and reckless’ global cyber attacks, including attempts to disrupt next year’s Olympic and Paralympic Games in Tokyo.
British and US officials said the attacks were conducted by Unit 74455 of Russia’s GRU military intelligence agency.
In an indictment unsealed today, the US Justice Department said six members of the unit had played key roles in attacks on targets ranging from the 2018 Winter Olympics in South Korea to the 2017 French elections.
They were also accused of staging a malware attack called ‘NotPetya’ that infected computers of businesses worldwide causing nearly $1billion in losses.
In addition, they allegedly targeted investigations into the nerve agent poisoning of Russian former double agent Sergei Skripal and his daughter and carried out cyberattacks on media outlets and the parliament in Georgia.
The US Justice Department’s top national security official said the six GRU officers were responsible for ‘the most disruptive and destructive series of computer attacks ever attributed to a single group’.
Assistant Attorney General John Demers claimed members of the same GRU unit have been charged previously with seeking to disrupt the 2016 US elections but there were ‘no election interference allegations’ in this indictment.
British officials said the GRU hackers had also conducted ‘cyber reconnaissance’ operations against organisers of the 2020 Tokyo Games, which were originally scheduled to be held this year but postponed because of the coronavirus outbreak.
They declined to give specific details about the attacks or whether they were successful, but said they had targeted Games organisers, logistics suppliers and sponsors.
British Foreign Secretary Dominic Raab said: ‘The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.’
FBI Deputy Director David Bowdich said: ‘The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are.’
The British Government says it has evidence that the GRU carried out ‘cyber reconnaissance’ against organisers, logistics services and sponsors of the Olympics and Paralympics before they were postponed to next year
A poster showing six wanted Russian military intelligence officers is displayed as Assistant Attorney General for the National Security Division John Demers takes the podium to speak at a news conference at the Department of Justice
FBI Pittsburgh Special Agent in Charge Michael Christman said: ‘These criminals underestimated the power of shared intelligence, resources and expertise through law enforcement, private sector and international partnerships.’
Russia was banned from the world’s top sporting events for four years in December over widespread doping offences, including the Tokyo Games which were originally scheduled for this year but postponed due to the coronavirus outbreak.
Most wanted: The six Russian military officers charged with connection to global cyber attacks
Yuriy Sergeyevich Andrienko
Accused of developing components of the NotPetya and Olympic Destroyer malware;
Sergey Vladimirovich Detistov
Accused of developing components of the NotPetya malware, and preparing spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games;
Pavel Valeryevich Frolov
Accused of developing components of the KillDisk and NotPetya malware;
Anatoliy Sergeyevich Kovalev
Accused of developing spearphishing techniques and messages used to target En Marche! officials, employees of the DSTL, members of the IOC and Olympic athletes, and employees of a Georgian media entity;
Artem Valeryevich Ochichenko
Accused of participating in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners, and conducting technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorised access to its network;
Petr Nikolayevich Pliskin
Accused of developing components of the NotPetya and Olympic Destroyer malware
The attacks on the 2020 Games are the latest in a string of hacking attempts against international sporting organisations that Western officials say have been orchestrated by Russia since its doping scandal erupted five years ago. Moscow has repeatedly denied the allegations.
Britain and the US today said those attacks included a hack of the 2018 Winter Olympics opening ceremony in South Korea, which compromised hundreds of computers, took down Internet access and disrupted broadcast feeds.
The attack in South Korea had previously been linked to Russia by cybersecurity researchers but was made to look like the work of Chinese or North Korean hackers, Britain’s foreign ministry said in a statement.
‘The attacks on the 2020 Summer Games are the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games,’ it said.
‘The UK is confirming for the first time today the extent of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.’
The indictment accuses the defendants, all current and former officers in the GRU, in destructive attacks on Ukraine’s power grid.
It also accuses the officers of involvement in a hack-and-leak effort directed at the political party of French President Emmanuel Macron in the days leading up to the 2017 election.
The controversy known as the ‘Macron Leaks’ was the leak of over 20,000 emails linked to Macron’s campaign in the 2017 election in the days before his victory.
The involvement of bots raised questions about the possible involvement of Vladimir Putin and the Russian Government.
The leaks, which gained huge media attention in France, were shared by WikiLeaks and several Alt-right activists on Twitter, Facebook and others.
The indictment alleges they impeded an investigation into the suspected novichok poisoning of Sergei Skripal and his daughter Yulia in Skripal in 2018.
It does not charge the defendants in connection with interference in US elections, though the officers are part of the same military intelligence unit that prosecutors say interfered in the 2016 presidential election by hacking Democratic email accounts.
One of the six was among the Russian military intelligence officers charged with hacking in special counsel Robert Mueller’s investigation into Russian election interference.
FBI Deputy Director David Bowdich (left) said indictment shows ‘how destructive Russia’s cyber activities truly are’. British Foreign Secretary Dominic Raab (right) condemned Russia’s ‘cynical and reckless’ cyber attacks on the 2020 Tokyo Olympics and 2017 French election
A poster showing six wanted Russian military intelligent officers is displayed before a news conference at the Department of Justice
The 50-page indictment, filed in federal court in Pittsburgh, focuses instead on attacks that prosecutors said were aimed at promoting Russian’s own geopolitical interests.
It also accuses the hackers of destroying malicious software in 2017 that crippled computers around the globe, including at a Pennsylvania hospital and a pharmaceutical company.
The criminal conspiracy alleged by the Justice Department enables prosecutors to include allegations for victims that are not based in the US.
None of the six defendants is currently in custody, but the Justice Department in recent years has eagerly charged foreign hacker in absentia with the goal of creating a message of deterrence.
Those include cyber attacks that targeted the 2018 Winter Olympics in South Korea, where Russian athletes were banned because of a state-sponsored doping effort.
Britain’s National Cyber Security Centre (NCSC) said the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the Winter Games.
The cyber agency said the GRU used data-deletion malware in those attacks with the intention of sabotaging the running of both the Winter Olympic and Paralympic Games, as the malware was designed to wipe information from computers and to disable them.
The NCSC said administrators had worked to isolate the malware and replace affected computers, which had prevented any potential disruption.
The unit is known as the Main Centre for Special Technologies (GTsST), as well as by its field post number 74455 and a number of other names online, including Sandworm and VoodooBear.
The NCSC said the same unit is also responsible for an attack on the UK Foreign Office’s computer systems in March 2018, and another targeting the Defence and Science Technology Laboratory (DSTL) in April of the same year, which at the time was investigating the Salisbury Novichok poisoning.
‘No country has weaponised its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages as fits of spite,’ said Assistant Attorney General Demers.
Other offensive cyber operations allegedly conducted by the GRU officers since 2015, according to the US Justice Department, included the global cyberattack known as NotPetya.
In 2017, destructive NotPetya malware spread globally out of Ukraine, infecting and locking up thousands of computers belonging to major corporations. Experts say NotPetya caused upwards of $1billion in losses.
At the time, companies publicly affected by NotPetya included FedEx Corporation and pharmaceutical giant Merck.
The Foreign Office says that Russian hackers also targeted the 2018 Winter Olympics and Paralympics in Pyeongchang in South Korea, including pretending to be working for North Korea and China in an attack on the opening ceremony (pictured)
Vladimir Putin chairs a Security Council meeting via video conference in Moscow
Russia’s latest ban was handed down last December, barring athletes from competing for four years over doping under its colours, including at the Tokyo Olympics and Paralympics, when they take place next year.
It came almost exactly two years after a similar ban stoped Russia from being represented in Pyeongchang.
It means the Russian flag and national anthem will also not be allowed at the 2022 World Cup in Qatar and the Beijing Winter Olympics.
But athletes untainted by the scandal will be allowed to compete independently under a neutral flag, as was the case during the 2018 Pyeongchang Olympics and last summer’s World Athletics Championships in Doha.
The World Anti-Doping Agency executive committee confirmed the decision at the International Olympic Committee headquarters in Lausanne, Switzerland.
The committee reached a unanimous decision to punish Russia after accusing Moscow of falsifying data from an anti-doping laboratory.
At the time Kremlin sports minister Pavel Kolobkov attributed the discrepancies in the laboratory data to technical issues and said the ban was politically motivated.
The state-run doping programme was exposed by media and WADA investigations after Russia hosted the 2014 Olympics in Sochi.