Six Russian military officers have been charged in what the Justice Department says was a hacking scheme to attack several major foreign powers, former Soviet republics and subvert investigations into nefarious activities by the Kremlin.
The alleged cyberattackers hacked into software using destructive malware to black out thousands of computers and cause nearly $1 billion in losses, and were intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize worldwide computer networks, the Justice Department said.
The alleged hackers are officers of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. Monday’s charges allege some of the most consequential political attacks levied by the Kremlin since its efforts to interfere in the 2016 US presidential election, including the hacking of Democratic Party email accounts.
Prosecutors said they attacked Ukraine; the country of Georgia; elections in France; efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort.
The United States District Court for the Western District of Pennsylvania issued a federal arrest warrant for each of these defendants upon the grand jury’s return of the indictment.
“The defendants’ and their co-conspirators caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the United States,” prosecutors said.
They are all charged in seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
One of the pieces of malware developed by the hackers took down the medical systems of Heritage Valley in Pennsylvania, prosecutors said.
From November 2015 to October 2019, “their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics,” prosecutors said.
The NotPetya malware, for example, spread worldwide, damaged computers used in critical infrastructure, and caused enormous financial losses. Those losses were only part of the harm, however. For example, the NotPetya malware impaired Heritage Valley’s provision of critical medical services to citizens of the Western District of Pennsylvania through its two hospitals, 60 offices, and 18 community satellite facilities.
The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records. Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for