Six Russian Hackers Identified and Charged by the U.S. DoJ

• Six hackers who reside in Russia and are believed to be state-supported actors have been identified.
• The particular persons are accused of being involved in numerous high-profile cyber-attacks from 2017 and onwards.
• Although the six have been identified and linked to specific malicious campaigns, it is unlikely that they will ever be sentenced.

The U.S. Department of Justice has announced the names of six Russian hackers who have taken part in various cyber-attacks from 2017 until today. More specifically, the identified hackers are believed to belong in “Unit 74455” of the GRU (Russian Main Intelligence Directorate), also known as “Fancy Bear” or “Sandworm,” and also reported as APT28.

In 2020 alone, we reported about GRU activity or at least incidents attributed to them with relative confidence, including the accessing of Angela Merkel’s emails, the stealing of nuclear missile secrets, and an attack against ‘Burishma Holdings.’

Related: U.S. Department of Justice Charges Russian and Chinese Hackers

The DoJ’s indictment mentions the following cyberattacks that have been confirmed to involve the six hackers.

• 2015 – 2016: Malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service.
• April to May 2017: Spearphishing campaigns against “La République En Marche!” political party and the French government.
• June 2017: Malware attacks against the Heritage Valley Health System in Pennsylvania, TNT Express, FedEx, hospitals, medical facilities, and a large U.S. pharmaceutical manufacturer.
• December 2017 – February 2018: Spearphishing campaigns against South Korean citizens and officials, Olympic athletes, partners, visitors, and members of the International Olympic Committee.
• December 2017 – February 2018: Intrusions and malware attacks against computers supporting the 2018 PyeongChang Winter Olympic Games.
• April 2018: Spearphishing campaigns against investigators (OPCW, DSTL) of the “Novichok Poisoning” incident in the U.K.
• 2019: Defacement campaign and spearphishing against a major media company and the network of Parliament in Georgia.

The six that have been named by the American law enforcement agencies are:

Yuriy Sergeyevich Andrienko – malware author
Sergey Vladimirovich Detistov – malware author and phishing campaign orchestrator
Pavel Valeryevich Frolov – malware author
Anatoliy Sergeyevich Kovalev – phishing techniques developer
Artem Valeryevich Ochichenko – phishing actor and technical reconnaissance expert
Petr Nikolayevich Pliskin – malware author

The counts the above hackers are facing incur maximum imprisonment sentences of up to 20 years each. Still, it is highly unlikely that these people will ever find themselves in a U.S. court anyway.

The Justice Department mentions numerous entities' help to help them identify the above persons, including the Ukrainian authorities, the Governments of the Republic of Korea and New Zealand, Georgian authorities, and the United Kingdom’s intelligence services, as well as many of the FBI’s Legal Attachés. Also, Google’s Threat Analysis Group (TAG), Cisco’s Talos Intelligence Group, Facebook, and Twitter.

Digital Shadows’ Threat Researcher Kacey Clark has shared the following comment with us: