Officials called the operations “the most destructive and costly” in history.
The Justice Department on Monday announced an indictment against six Russian GRU officers charged with engaging in a series of hacking and malware deployment operations to attack other countries’ infrastructure and elections and to carry out other actions designed to further Russia’s interests.
The indictment specifically accuses the six alleged hackers of engaging in computer intrusions “intended to support Russian government efforts to undermine, retaliate against or otherwise destabilize” Ukraine, Georgia, elections in France, the 2018 PyeongChang Olympic Games and international efforts to hold Russia accountable for its use of the nerve agent Novichok on foreign soil.
According to the Justice Department, several members of the same military group were previously charged for their role in Russia’s efforts to interfere in the 2016 election, though the allegations in Monday’s indictment do not relate to U.S. election interference.
U.S. officials at a virtual press conference at the DOJ described the hacking campaign as among “the most destructive and costly cyber-attacks in history,” dealing with “some of the world’s most destructive malware to date.”
Assistant Attorney General for National Security John Demers argued the allegations prove why the U.S. should ignore a recent offer extended by Russia calling for a cyber “reset” between the two countries.
“This indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda,” Demers said.
Some of the malware deployed by the officers, according to prosecutors, included Killdisk, Industroyer and NotPetya, believed to be the most costly and destructive cyber attack in history, which led to nearly $1 billion in losses for three victims named in the indictment — including the Heritage Valley health system in Pennsylvania.
“The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records,” the DOJ said in a press release. “Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety.”
The group also is alleged to have engaged in a spearphishing campaign targeting the 2018 Winter Olympic Games, launching what officials described as the “Olympic Destroyer” malware attack during the opening ceremony that deleted data from thousands of computers supporting the games.
“The conspirators, feeling the embarrassment of international penalties related to Russia’s state-sponsored doping program, i.e., cheating, took it upon themselves to undermine the games,” Demers said. “Their cyber attack combined the emotional maturity of a petulant child with the resources of a nation state.”
Later in the press conference, Demers was asked whether the U.S. has any evidence or intelligence that the GRU might seek to carry out similar operations targeting the upcoming election.
“With respect to the elections that are coming up, you know we haven’t seen anything that caused us to question what we’ve I think repeatedly said and what the intelligence community’s repeatedly said — that Americans should be confident that a vote for their candidate will be counted for that candidate,” Demers answered.