U.S. Charges 6 Russian Agents for Hacking That Cost Billions

(Bloomberg) -- The U.S. charged six current and former members of Russia’s military intelligence agency for allegedly carrying out some of the world’s most destructive hacking attacks from 2015 to 2019, including knocking out Ukraine’s power grid and causing almost $1 billion in damage to three American companies.

The hackers allegedly carried out attacks against the 2017 elections in France and the 2018 Pyeongchang Winter Olympic Games, according to an indictment unsealed by the Justice Department on Monday.

“According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorized access to victim computers,” the department said.

Read the grand jury indictment unsealed on Monday

The hackers from the military intelligence unit known as GRU allegedly spread what is known as NotPetya malware, which damaged computers used for critical infrastructure, including impairing the administration of medical services by a hospital system in Pennsylvania.

“The attack caused the unavailability of patient lists, patient history, physical examination files and laboratory records,” according to the department.

The NotPetya attack also caused about $400 million in damages to a subsidiary of FedEx Corp. and more than $500 million in damages to a large U.S. pharmaceutical manufacturer, which the indictment didn’t identify. Merck & Co. has been previously identified as one of the targets.

None of the charges involved the current U.S. presidential campaign, although the FBI and other agencies say Russia continues trying to interfere in U.S. politics.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and fits of spite,” John Demers, head of the department’s national security division, told reporters during a news conference on Monday.

Demers said the release of the indictment wasn’t particularly intended to send a message to Russia against interfering in the 2020 election. He said U.S. agencies haven’t seen evidence that hackers can compromise voting in this year’s election.

“Americans should be confident that a vote cast for their candidate will be counted for that candidate,“ Demers said.

Kremlin spokesman Dmitry Peskov said Russia “has never conducted any hacking attacks,” calling the charges a reflection of “blatant Russophobia.”

The Justice Department also said the investigation was aided by social media companies Facebook Inc. and Twitter Inc., as well as Alphabet Inc.’s Google and Cisco Systems Inc.

‘Voodoo Bear’

The hackers are part of a group known variously as “Sandworm Team” and “Voodoo Bear” among cybersecurity experts. The group’s espionage and sabotage hacking operations are “highly advanced” and consistent with “Russian economic and national objectives,” according to an analysis by the firm Crowdstrike Inc. The group has an interest in “targeting critical systems” and disrupting infrastructure, according to an analysis by the firm FireEye Inc.

The timing of the indictment, weeks before the U.S. presidential election, is notable. A separate hacking unit that is associated with Russia’s GRU meddled in the 2016 U.S. election, and Microsoft Corp. recently found that group attempting to hack political targets ahead of the 2020 election.

In addition, one of the defendants in the indictment unsealed on Monday was also charged in 2018 by the U.S. for hacking tied to the 2016 election. He conspired “to gain unauthorized access into the computers of U.S. persons and entities involved in the administration of the 2016 U.S. elections,” according to the Justice Department.

The U.S. intelligence community has assessed that Russia is attempting to help President Donald Trump succeed and hurt his rival, former Vice President Joe Biden. The U.S. also indicted hackers from GRU in October 2018, before the midterm elections. Russia denies any role.

The U.K.’s Foreign Office said Monday that the GRU had conducted “cyber reconnaissance against officials and organizations” involved in the 2020 Olympic and Paralympic Games that were to take place in Tokyo over the summer. The games were postponed because of the coronavirus pandemic. The Foreign Office added that the GRU tried to make it look like its attacks on the 2018 Winter Games in South Korea was the work of North Korean and Chinese operatives.

“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms,” Foreign Secretary Dominic Raab said. “The U.K. will continue to work with our allies to call out and counter future malicious cyber attacks.”

(Updates with Russia reaction in 10th paragraph.)

For more articles like this, please visit us at bloomberg.com

Subscribe now to stay ahead with the most trusted business news source.

©2020 Bloomberg L.P.