The alleged hackers are officers of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces, the Justice Department said.
Prosecutors said they attacked Ukraine; the country of Georgia; elections in France; efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort.
The United States District Court for the Western District of Pennsylvania issued a federal arrest warrant for each of these defendants upon the grand jury’s return of the indictment.
“The defendants’ and their co-conspirators caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the United States,” prosecutors said.
They are all charged in seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
One of the pieces of malware developed by the hackers took down the medical systems of Heritage Valley in Pennsylvania, prosecutors said.
From November 2015 to October 2019, “their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics,” prosecutors said.
The NotPetya malware, for example, spread worldwide, damaged computers used in critical infrastructure, and caused enormous financial losses. Those losses were only part of the harm, however. For example, the NotPetya malware impaired Heritage Valley’s provision of critical medical services to citizens of the Western District of Pennsylvania through its two hospitals, 60 offices, and 18 community satellite facilities.
The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records. Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety.
Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32, face a maximum sentence of 27 years in prison for wire fraud.
They are wanted and assumed to be in Russia.
Prosecutors said Kovalev allegedly developed “spearphishing techniques and messages” to target: En Marche! officials; employees of the DSTL; members of the IOC and Olympic athletes; and employees of a Georgian media entity.”
Kolvalev was previously charged in a 2018 federal indictment number in Washington, DC, with conspiring to gain unauthorized access into the computers of US persons and entities involved in the administration of the 2016 US elections.
