US Indicts GRU Officers for NotPetya, Olympics Attacks and More

The US government has indicted six Russian military officers accused of a slew of major cyber-attacks including NotPetya and attempted sabotage of the 2018 Winter Olympics, causing at least $1 billion in global losses.

The six Russian nationals are officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), also known as Sandworm and VoodooBear, according to the Department of Justice (DoJ).

Released on the same day the UK government revealed the GRU was also behind attacks on Tokyo Olympics officials and organizations, the indictment blames the six for multiple high-profile campaigns.

These include attacks on: French elections in 2017 aimed at discrediting Emmanuel Macron; investigations into the Novichok poisonings in Salisbury a year later; Ukrainian critical infrastructure in 2015 and 2016; and the Pyeongchang Winter Games of 2018.

They’re also tied to the infamous destructive NotPetya campaign, which began by targeting Ukrainian organizations but quickly spread via multinational companies’ VPNs around the world. The DoJ claimed that $1 billion was lost through the attacks from just three of the many victim organizations.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said assistant attorney general for national security John Demers

“Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”

Sam Curry, CSO at Cybereason, argued that the six would likely never face justice in a US courtroom.

“It's important to call out criminals and to set the groundwork for future diplomats, trade, foreign policy, and justice to finish the work. Finding a new geopolitical cyber norm is a multi-year and possibly multi-generational goal,” he continued.

“It's hard to believe that this behavior will lead to meaningful changes in Russian foreign policy, just as it hasn't with APT 10 and Chinese foreign policy; but the goal isn't just bringing the perpetrators to justice. The goal is to lay the building blocks for future work and a more peaceful, democratic, collaborative physical and cyber world one day."

What’s Hot on Infosecurity Magazine?