The alleged hackers are all members of the same military intelligence agency — the GRU — which was previously charged in connection with efforts to interfere in the 2016 U.S. presidential campaign. But the new indictment does not charge these members with U.S. election interference.
Rather, they stand accused of what Justice Department officials say who is the single most disruptive and destructive series of cyber attacks ever attributed to one group.
“No country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages and to satisfy fits of spite,” Assistant Attorney General John Demers said in announcing the indictment.
The charges lay out a breathtaking series of attacks and attempts attributed to the group, also known as Unit 74455 and which cybersecurity researchers have dubbed the Sandworm Team. That group, authorities say, also hacked computers supporting the 2018 Winter Olympics in South Korea, hacked and leaked emails of individuals involved in French presidential candidate Emmanuel Macron’s campaign in 2017, and targeted the international and British organizations investigating the poisoning of former GRU officer Sergei Skripal in 2018 in Britain.
NotPetya, widely acknowledged as the most costly and destructive malware attack, was set loose in June 2017 to render inoperable computers used by banks, newspapers and power companies in Ukraine, a former Soviet country engaged in ongoing conflict with Russia. But the viral nature of the malware caused it to spread widely, infecting systems around the world and in the United States.
In particular, it infected computers at dozens of hospitals, doctors’ offices and medical facilities in western Pennsylvania as well as a large drugmaker and a FedEx subsidiary, which collectively suffered nearly $1 billion in losses, officials said.
The defendants are Yuriy Andrienko, 32; Sergey Detistov, 35; Pavel Frolov, 28; and Anatoliy Kovalev, 29. Kovalev also was indicted in 2018 by then-special counsel Robert S. Mueller III as part of an alleged conspiracy to hack American election systems during the 2016 presidential contest.