Six hackers who reside in Russia and are believed to be state-supported actors have been identified.
These individuals are accused of involvement in numerous high-profile cyber-attacks from 2017 onwards.
Although the six have been identified and linked to specific malicious campaigns, it is unlikely that they will ever be sentenced.
The U.S. Department of Justice has announced the names of six Russian hackers who have taken part in various cyber-attacks from 2017 until today. More specifically, the identified hackers are believed to belong to “Unit 74455” of the GRU (Russian Main Intelligence Directorate), also known as “Fancy Bear” or “Sandworm,” and also reported as APT28.
In 2020 alone, we reported on several incidents attributed to the GRU with relative confidence, including the accessing of Angela Merkel’s emails, the theft of nuclear missile secrets, and an attack against ‘Burisma Holdings.’
The DoJ’s indictment mentions the following cyberattacks that have been confirmed to involve the six hackers.
2015 – 2016: Malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service.
April to May 2017: Spearphishing campaigns against “La République En Marche!” political party and the French government.
June 2017: Malware attacks against the Heritage Valley Health System in Pennsylvania, TNT Express, FedEx, hospitals, medical facilities, and a large U.S. pharmaceutical manufacturer.
December 2017 – February 2018: Spearphishing campaigns against South Korean citizens and officials, Olympic athletes, partners, visitors, and members of the International Olympic Committee.
December 2017 – February 2018: Intrusions and malware attacks against computers supporting the 2018 PyeongChang Winter Olympic Games.
April 2018: Spearphishing campaigns against investigators (OPCW, DSTL) of the “Novichok Poisoning” incident in the U.K.
2019: Defacement campaign and spearphishing against a major media company and the network of Parliament in Georgia.
The six that have been named by the American law enforcement agencies are:
Yuriy Sergeyevich Andrienko – malware author
Sergey Vladimirovich Detistov – malware author and phishing campaign orchestrator
Pavel Valeryevich Frolov – malware author
Anatoliy Sergeyevich Kovalev – phishing techniques developer
Artem Valeryevich Ochichenko – phishing actor and technical reconnaissance expert
Petr Nikolayevich Pliskin – malware author
The counts the above hackers are facing carry maximum prison sentences of up to 20 years each. Still, it is highly unlikely that these people will ever find themselves in a U.S. court.
The Justice Department credits numerous entities with helping to identify the above persons, including the Ukrainian authorities, the Governments of the Republic of Korea and New Zealand, Georgian authorities, and the United Kingdom’s intelligence services, as well as many of the FBI’s Legal Attachés. Google’s Threat Analysis Group (TAG), Cisco’s Talos Intelligence Group, Facebook, and Twitter are also credited.
Digital Shadows’ Threat Researcher Kacey Clark has shared the following comment with us:
The tactics employed in Sandworm's campaigns align with GRU's philosophy of leveraging aggressive and sometimes destructive cyberattacks. The charges filed against Sandworm represent not only the first criminal charges against Sandworm for its most destructive attacks but the first time that most of the charged threat actors have been publicly identified as members of the cybercriminal group. They also represent Sandworm's first global law enforcement reaction to their deployment of the NotPetya ransomware that has crippled networks worldwide.
According to the Government Communications Headquarters (GCHQ), Russia is assessed as a highly competent threat actor with demonstrated potential to carry out operations that have a myriad of impacts across any industry. Russia has been carrying out disruptive cyber activities to establish itself forcefully in various ways, including seeking to disrupt other countries' elections.