Six Russian Hackers Identified and Charged by the U.S. DoJ

Last updated September 28, 2021
Written by: Bill Toulas, Infosec Writer

The U.S. Department of Justice has announced the names of six Russian hackers who have taken part in various cyber-attacks from 2017 until today. More specifically, the identified hackers are believed to belong to “Unit 74455” of the GRU (Russian Main Intelligence Directorate), also known as “Fancy Bear” or “Sandworm,” and also reported as APT28.

In 2020 alone, we reported on GRU activity, or at least on incidents attributed to the group with reasonable confidence, including the accessing of Angela Merkel’s emails, the theft of nuclear missile secrets, and an attack against ‘Burisma Holdings.’


The DoJ’s indictment mentions the following cyberattacks that have been confirmed to involve the six hackers.

The six that have been named by the American law enforcement agencies are:

Yuriy Sergeyevich Andrienko – malware author
Sergey Vladimirovich Detistov – malware author and phishing campaign orchestrator
Pavel Valeryevich Frolov – malware author
Anatoliy Sergeyevich Kovalev – phishing techniques developer
Artem Valeryevich Ochichenko – phishing actor and technical reconnaissance expert
Petr Nikolayevich Pliskin – malware author

Source: ZDNet

The counts the above hackers are facing carry maximum prison sentences of up to 20 years each. Still, it is highly unlikely that these people will ever find themselves in a U.S. court.

The Justice Department credits numerous entities with helping to identify the above persons, including the Ukrainian authorities, the Governments of the Republic of Korea and New Zealand, Georgian authorities, and the United Kingdom’s intelligence services, as well as many of the FBI’s Legal Attachés. Google’s Threat Analysis Group (TAG), Cisco’s Talos Intelligence Group, Facebook, and Twitter are also credited.

Digital Shadows’ Threat Researcher Kacey Clark has shared the following comment with us:

The tactics employed in Sandworm's campaigns align with GRU's philosophy of leveraging aggressive and sometimes destructive cyberattacks. The charges filed against Sandworm represent not only the first criminal charges against Sandworm for its most destructive attacks but the first time that most of the charged threat actors have been publicly identified as members of the cybercriminal group. They also represent Sandworm's first global law enforcement reaction to their deployment of the NotPetya ransomware that has crippled networks worldwide.

According to the Government Communications Headquarters (GCHQ), Russia is assessed as a highly competent threat actor with demonstrated potential to carry out operations that have a myriad of impacts across any industry. Russia has been carrying out disruptive cyber activities to establish itself forcefully in various ways, including seeking to disrupt other countries' elections.
