Fotokon / Shutterstock.com
The U.S. Department of Justice has handed out criminal charges against six Russian military intelligence officers allegedly responsible for the 2017 “Notpetya” malware attack which, among other things, disrupted the shipping operations of Maersk, the world’s top shipping line.
The “Notetya” attack is regarded as one of the most destructive and costly cyber attacks in history. The charges were announced Monday by the Assistant Attorney General For National Security, John C. Demers.
The defendants in this case were all members of Military Unit 74455, a unit of the Russian Main Intelligence Directorate, an intelligence agency known as the GRU. The Department previously charged members of the same unit, also known to cybersecurity researchers as “Sandworm Team,” for their role in Russia’s efforts to interfere in the 2016 U.S. elections.
The charges announced Monday, however, are unrelated to allegations of election interference. Instead, they show how Unit 74455’s election interference was only a single part of a persistent, sophisticated hacking group that was “busy sabotaging perceived enemies or detractors of the Russian Federation, regardless of the consequences to innocent bystanders or their destabilizing effect,” said Demers.
The malware campaign led by the group began in December 2015 and 2016, when the group launched destructive malware attacks against the electric power grid in Ukraine. From there, their destructive path widened to encompass virtually the whole world, according the Justice Department.
On July 27, 2017, the cyber attack hit the Maersk, causing IT system outages across Maersk’s business units. Maersk later estimated the cost of the attack at $200 million to $300 million as it disrupted its container shipping operations for weeks.
A fascinating in-depth look at the cyber attack Maersk was detailed in Wired article in 2018.
“In what is commonly referred to as the most destructive and costly cyber attack ever, the conspirators unleashed the ‘NotPetya’ malware. Although it masqueraded as ransomware, designed to extort money, this was a false flag: the co-conspirators designed the malware to spread with devastating and indiscriminate alacrity – bringing down entire networks in seconds and searching for remote computer connections through which to attack additional innocent victims, all without hope of recovery or repair. The entirely foreseeable result was that the worm quickly spread globally, shutting down companies and inflicting immense financial harm. This irresponsible conduct impaired the ability of companies in critical sectors, such as transportation and health, to provide services to the public–not only in Ukraine, but as far away as Western Pennsylvania,” Demers said Monday in announcing the charges.
The attackers then turned their sites on the 2018 Winter Olympics.
“They conducted spearphishing campaigns against South Korea, the host of the 2018 PyeongChang Winter Olympic Games, as well as the International Olympic Committee, Olympic partners, and athletes. Then, during the opening ceremony, they launched the ‘Olympic Destroyer’ malware attack, which deleted data from thousands of computers supporting the Games, rendering them inoperable,” Demers said.
They then led a hack-and-leak operation in the days leading up to the 2017 French elections and, as recently as October 2019, targeted government and non-government websites in the country of Georgia.
“Today’s allegations, in their entirety, provide a useful lens for evaluating Russia’s offer two weeks ago of a cyber ‘reset’ between Russia and the United States. Russia is certainly right that technologically sophisticated nations that aspire to lead have a special responsibility to secure the world order and contribute to widely accepted norms, peace and stability. That’s what we’re doing here today. But this indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda,” Demers added.
Sign up for our newsletter