Russian Officers Indicted in Pittsburgh for Cyberattack

Federal prosecutors in Pittsburgh have indicted six Russian military intelligence officers, all current or former members of the Russian Main Intelligence Directorate, in connection with computer attacks worldwide dating to 2015.

by Torsten Ove, Pittsburgh Post-Gazette / October 20, 2020

(TNS) — Federal prosecutors in Pittsburgh have indicted a group of six Russian military intelligence officers, all current or former members of the Russian Main Intelligence Directorate, or GRU, in connection with computer intrusion attacks worldwide dating to 2015.

Among the victims in 2017 was Heritage Valley Health System in Western Pennsylvania, which spent $2 million to repair damage by the malware, U.S. Attorney Scott Brady said at a Monday news conference in Washington, D.C.

Mr. Brady and other officials said the Russian officers are part of the same unit that the Justice Department said attempted to disrupt the 2016 election and the 2018 Olympics after Russian athletes had been banned for doping.

The Justice Department said defendants, all former or current members of Unit 74455 based in Moscow, unleashed the NotPetya malware. The attacks caused nearly $1 billion in losses to three victims alone that are mentioned in the indictment. In addition to Heritage Valley, they are TNT Express B.V. (a FedEx subsidiary) and an unnamed U.S. pharmaceutical maker that paid $500 million to fix the damage.

Officials said there are hundreds of other victims around the world.

The conspirators also are accused of using KillDisk and Industroyer to cause blackouts of the electric grid in Ukraine, and Olympic Destroyer, which disrupted computers used to support the 2018 Winter Olympics in Pyeongchang, South Korea.

The six defendants are charged with conspiracy against the United States, computer hacking, identity theft and other counts related to malware attacks.

The case, investigated by the Pittsburgh FBI and its counterparts in Atlanta and Oklahoma City, was handed up by a grand jury in Pittsburgh under seal on Oct. 15 and announced Monday by Assistant Attorney General John Demers, who was joined by Mr. Brady, FBI Deputy Director David Bowdich and Michael Christman, special agent in charge of the Pittsburgh FBI office.

The defendants are Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.

In addition to the NotPetya attacks on businesses and the hacking of Ukrainian institutions and the Olympics, the indictment accuses the alleged conspirators of computer attacks on the French elections in 2017 and April 2018 spear-phishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons in the Netherlands and a U.K. investigation into the poisoning of double agent Sergei Skripal, his daughter and several U.K. citizens in Salisbury, England.

The defendants also are accused of perpetrating the 2018 spear-phishing campaign that targeted a Georgian media company and a 2019 attack on the Georgian parliament and other Georgian entities.

"No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," said Mr. Demers in announcing the charges at a video news conference.

Mr. Brady said that federal authorities have been working for two years to expose the Russian officers, saying the military officers carried out the most destructive cyberattacks in history.

"The crimes committed by Russian government officials were against real victims who suffered real harm," he said. "We have an obligation to hold accountable those who commit crimes -- no matter where they reside and no matter for whom they work -- in order to seek justice on behalf of these victims."

In the case of Heritage Valley, prosecutors said the NotPetya malware impaired the hospital's computers at its two hospitals, 60 offices and 18 community facilities. Mr. Brady said Heritage Valley lost its computer systems for cardiology, nuclear medicine, radiology and surgery for a week and its administrative systems for a month in 2017.

Federal agents were aided in the investigation by Google's Threat Analysis Group, Cisco's Talos Intelligence Group, Facebook and Twitter.

The case has been assigned to U.S. District Judge Robert Colville in Pittsburgh.

One of the defendants, Mr. Kovalev, was previously charged in 2018 in the District of Columbia with conspiring to hack computers connected to the 2016 U.S. election.

(c)2020 the Pittsburgh Post-Gazette. Distributed by Tribune Content Agency, LLC.