The U.S. Department of Justice announced criminal charges against a conspiracy of Russian military intelligence officers who stand accused of the 2017 “NotPetya” malware attack.
The defendants in this case were all members of Military Unit 74455 of the Russian Main Intelligence Directorate, an intelligence agency known as the GRU. The Department previously charged members of this same unit, also known to cybersecurity researchers as “Sandworm Team,” for their role in Russia’s efforts to interfere in the 2016 U.S. elections.
On July 27, 2017, the cyber attack hit Maersk, causing IT system outages across its business units. The company estimated the cost of the attack at $200 million to $300 million as it disrupted its container shipping operations for weeks.
The malware campaign began in December of 2015 and 2016, when the conspirators launched destructive malware attacks against the electric power grid in Ukraine.
From there, the conspirators' attacks widened to encompass virtually the whole world. In what is commonly referred to as the most destructive and costly cyber attack ever, the conspirators unleashed the “NotPetya” malware. Although it masqueraded as ransomware, designed to extort money, this was a false flag: the co-conspirators designed the malware to spread, bringing down entire networks in seconds and searching for remote computer connections.
Next, the conspirators turned their sights on the Winter Olympics. They conducted spearphishing campaigns against South Korea, the host of the 2018 PyeongChang Winter Olympic Games, as well as the International Olympic Committee, Olympic partners, and athletes. Then, during the opening ceremony, they launched the “Olympic Destroyer” malware attack, which deleted data from thousands of computers supporting the Games, rendering them inoperable.
These malware attacks, and related preparations, were not the conspirators’ only malicious conduct alleged in the indictment. The conspirators also supported a hack-and-leak operation in the days leading up to the 2017 French elections. And the conspirators continued their attacks as recently as October 2019, targeting government and non-government websites in the country of Georgia.