1.9 C
Monday, January 25, 2021
Home News US Justice Department indicts Russian spies in 2017 NotPetya attack

US Justice Department indicts Russian spies in 2017 NotPetya attack

Six officers from the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the general staff of the armed forces, have been charged in connection with worldwide hacking attacks, including the NotPetya ransomware offence that penetrated Maersk's IT systems in June 2017.

On 15 October, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of Russia and officers in Unit 74455 of the GRU, said the US Justice Department in its statement.

The computer hackers used some of the world’s most destructive malware to date, according to the US Justice Department, including NotPetya that cost Maersk in the region of US$300 million in lost revenues.

As a result of the cyber hack, cargo was left on quaysides, booking services were disrupted, Maersk's terminal operator APM Terminals shut down several ports, including its facility in Rotterdam, while empty containers needed repositioning.

“The cyber attack made it necessary to invest in chartered tonnage to bring fluidity to the network. There were bottlenecks in certain areas so we had to hire extra capacity to help with the movement of cargo,” explained Maersk's Vincent Clerc some months after the attack. “These were “short-term charters through the course of the [third] quarter and we are still using some of that tonnage to re-position empties, but they are gradually being phased out,” Clerc added.

It was suggested at the time that the NotPetya attack was similar to an earlier Petya attack which hit the UK health service, the National Health Service (NHS), and one ethical hacker said that a Microsoft patch created for the Petya attack would have prevented the NotPetya virus from infiltrating Maersk's systems.

At the time Clerc rejected this view, saying the NotPetya bug was “a day-zero virus” so the means to control it were developed as the attack was taking place, and he maintained that all the patches from Microsoft were in place.

Though he went on to say, that the NotPetya attack had caught the company with “certain parts of the estate not sufficiently protected”, adding that parts of the system, such as Damco, were “heavily impacted” by the attack because it sells itself through having high visibility and being open to customers, which meant it was more open to the effects.

The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

Justice Department officials said these GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to destabilise Ukraine and Georgia, undermine elections in France, hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil and retaliate against the ban of the Russian flag in 2018 PyeongChang Winter Olympic Games.

"No country has weaponised its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," said assistant attorney general for national security, John C. Demers.

According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorised access to victims' computers.

As alleged, the conspiracy was responsible for the following destructive, disruptive, or otherwise destabilising computer intrusions and attacks:

  • Ukrainian Government & Critical Infrastructure
  • French Elections
  • Worldwide Businesses and Critical Infrastructure (NotPetya)
  • PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees:
  • PyeongChang Winter Olympics IT Systems (Olympic Destroyer)
  • Novichok Poisoning Investigations
  • Georgian Companies and Government Entities

"The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are," added Federal Βureau οf Ιnνestigatiοn (FBI) deputy director, David Bowdich.

Six men aged between 27 and 35,  have been placed on the FBI’s wanted list following the announcement of the US Justice Department.

Главпост - Свежие и главные новости

The six accused hackers are all allegedly members of Unit 74455, a cyber hacking division of Russia’s intelligence services which goes a number of other names including Sandworm, BlackEnergy Group and Voodoo Bear, according to a statement by the US customs.

They are all charged with seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Each defendant is charged with every count. The charges contained in the indictment are merely accusations, however, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt.

The indictment accuses each defendant of committing the following overt acts in furtherance of the charged crimes:

DefendantSummary of Overt Acts
Yuriy Sergeyevich Andrienko
  • Developed components of the NotPetya and Olympic Destroyer malware
Sergey Vladimirovich Detistov
  • Developed components of the NotPetya malware
  • Prepared spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games
Pavel Valeryevich Frolov
  • Developed components of the KillDisk and NotPetya malware
Anatoliy Sergeyevich Kovalev
  • Developed spearphishing techniques and messages used to target:

-  En Marche! officials

-  employees of the DSTL

-  members of the IOC and Olympic athletes

-  employees of a Georgian media entity

Artem Valeryevich Ochichenko
  • Participated in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners
  • Conducted technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorized access to its network
Petr Nikolayevich Pliskin
  • Developed components of the NotPetya and Olympic Destroyer malware

The defendants and their co-conspirators caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the US, noted the Justice Department.

- Advertisment - LR Sustainability Decarbonisation Digital Adverts

Latest Posts

​OOIL to issue new shares on the market

Orient Overseas International Limited (OOIL) has entered into a Placing and Subscription Agreement with Faulkner Global Holdings Limited, its immediate parent company and part...

Updated: IMO Condemns Mozart pirates in escalation of African Piracy

In a significant escalation in West African pirate attacks, one crew member has been killed, while 15 seafarers have been kidnapped, on the container...

CU Lines guarantees equipment for maiden Asia-North Europe service

China United Lines (CULines) is assuring all shippers that it has enough containers to go around as it launches a solo Asia-North Europe service. In...

Port of Rotterdam test smart mooring system

The Port of Rotterdam has installed a smart bollard, developed in collaboration with the mooring and dredging company Straatman BV, along the quay of...

Busan Port Authority to build a new warehouse at the Probolinggo Port

Busan Port Authority (BPA) will establish and operate a bonded warehouse at the Probolinggo Port in East Java in order to expand its logistics...