U.S. Justice Department charges six Russian military intelligence officers in connection with worldwide cyberattacks

The United States has accused six officers from the Main Directorate of the General Staff of Russia’s Armed Forces (the GU, formerly known as the Main Intelligence Directorate or GRU) of involvement in a series of large-scale cyberattacks. According to the indictment, these Russian nationals are all officers in Unit 74455, which has been linked repeatedly to hacker attacks in the past, including by Washington. The U.S. Justice Department released the names of the Russian military intelligence officers in question, identifying them as Yuri Andrienko, Sergey Detistov, Pavel Frolov, Anatoly Kovalev, Artem Ochichenko, and Pyotr Paliskin. All six have been charged formally already. The Justice Department noted that one of the accused — Anatoly Kovalev — is also a defendant in the case on Russian interference in the 2016 U.S. presidential election.

According to the indictment, this group of Russian nationals has been attacking computer networks around the world for several years, in order to “support Russian government efforts to undermine, retaliate against, or otherwise destabilize” a number of countries. Specifically, the attacks were aimed at networks located in France, the Netherlands, South Korea, the United States, the United Kingdom, Georgia, and Ukraine.

• Ukraine. In 2015–2016 the accused carried out “destructive malware attacks” against Ukraine’s electric power grid, Finance Ministry, and State Treasury Service.
• France. In April and May 2017, ahead of the French elections, the accused carried out hack-and-leak attacks targeting President Emmanuel Macron’s party, as well as other French politicians and local governments.
• South Korea. In December 2017 and January 2018, ahead of the Winter Olympics in PyeongChang, the accused carried out attacks on International Olympic Committee (IOC) officials, as well as Olympic partners, visitors, and athletes, and South Korean citizens and officials. According to the indictment, they were also behind the Olympic Destroyer — a destructive malware attack targeting the opening ceremony.
• Georgia. In 2018, the accused carried out attacks targeting major local media companies. In 2019, they hacked into the networks of the country’s parliament.
• The United Kingdom. In April 2018, the accused carried out a phishing campaign targeting the British laboratories involved in the investigation into the Novichok poisoning of ex-spy Sergey Skripal. They also targeted the investigation being carried out by the Organization for the Prohibition of Chemical Weapons (OPCW).
• The United States. In June 2017, the accused carried out destructive attacks using a malware known as NotPetya, which targeted medical facilities and courier services in Pennsylvania. The attack caused nearly $1 billion in losses.

The United Kingdom made accusations against Russia’s military intelligence service simultaneously with the United States. According to London, the GU’s cyber unit tried to interfere in the 2020 Tokyo Olympics by carrying out cyberattacks on the Games’ organizers, logistics services, and sponsors. Moreover, in an attempt to divert suspicion, the Russian hackers left traces typical of North Korean and Chinese hackers. The UK didn’t release the specific names of the suspects involved in these cyberattacks. While the Japanese government has refrained from commenting so far, the IOC noted that the organizing committee of the Tokyo Games “is continuously subjected to cyberattacks of different scales” and that so far they haven’t caused any damage.

Russia denies the charges. The Russian Embassy in Washington said that the accusations “have nothing to do with reality and are only aimed at stirring up Russophobic sentiments in American society.” The diplomatic mission also lamented the fact that Washington’s actions are “consistently destroying the once pragmatic” bilateral relations between Russia and the US. Kremlin spokesman Dmitry Peskov also denied the accusations from both the U.S. and the UK, adding that the Kremlin “observes the tendency towards accusing Russia and the Russian intelligence services of everything and anything with regret.”