US Alleges Top Russian Cyber Hackers Tried To Cover Digital Tracks With Bitcoin
Russia’s most notorious state cyberhackers used bitcoin to cover their ties to critical hacking campaign “infrastructure” such as servers and domain names, according to an indictment unsealed Monday by U.S. prosecutors.
- Six members of Russia’s state-run hacking teams who allegedly targeted “thousands” of victims across companies, political campaigns, governments and the 2018 Winter Olympics through Russian Military Unit 7445 are named in the suit.
- Prosecutors also allege they were responsible for 2017’s catastrophic “NotPetya” malware attack that caused billions of dollars in damage. Security researchers have made such claims before.
- NotPetya was based on the Petya bitcoin ransomware exploit but with a malicious twist, prosecutors allege: “Even if victims paid the ransom ($300 worth of bitcoin), the Conspirators would not be able to decrypt and recover the victims’ computer files.”
Indictment Links Russian Hackers To Several Prominent Cyberattacks In Recent Years, Including The Global 2017 NotPetya Attack
Federal prosecutors on Monday unsealed charges against six Russian intelligence officers accused of engaging in widespread and destructive cyberattacks, including operations that allegedly knocked Ukraine’s energy grid offline, interfered in the presidential elections in France, and damaged computer systems world-wide in the costly 2017 NotPetya attack.
The indictment directly links Russia’s military intelligence, known as the GRU, to several of the most damaging cyberattacks in recent years, during which Moscow has become increasingly aggressive in using a range of cyber weapons to achieve its geopolitical aims and attempt to destabilize some of its rivals.
The GRU has previously been linked by U.S. authorities to the cyber interference operations during the 2016 election, but the new charges don’t involve that episode.
Many of the cyberattacks had been attributed to the Russian government before by independent governments or Western officials, but not through criminal indictments. The defendants are charged with several criminal counts including conspiracy, computer hacking, wire fraud and aggravated identity theft.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.
The charges also link Moscow to cyberattacks on the 2018 Winter Olympics in South Korea, where internet systems were disrupted during the opening ceremony in apparent retaliation for doping bans that had been placed on Russian athletes. The attack “combined the emotional maturity of a petulant child with the hacking skills of a nation state,” Mr. Demers said during a press call.
The charges, returned last week by a grand jury in Pittsburgh, additionally accuse the intelligence officers of a spearphishing campaign against the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defence Science and Technology Laboratory in search of information related to investigations into the poisoning of former Russian spy Sergei Skripal, his daughter, and several U.K. citizens. And the charges accuse the hackers of targeting businesses and the government in the nation of Georgia.
The named defendants—Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin—are all believed to be residents of Russia and couldn’t immediately be reached for comment. All six were placed on the FBI’s most wanted list.
Russia has denied Western allegations that it engages in destructive cyber operations against other nations.
The NotPetya operation, launched in June 2017, has been widely described by security analysts and government officials as the most destructive cyberattack. It combined ransomware and wiper software that destroyed data and invaded corporate networks mainly through a corrupted software update from a small firm in Ukraine. The attack crashed many systems world-wide and altered basic administrative data that made recovering downed computer systems difficult.
NotPetya cost businesses around the world billions of dollars. On Monday, authorities highlighted that just three companies—Heritage Valley Health System, a FedEx Corp. subsidiary and a large U.S. pharmaceutical manufacturer—allegedly suffered about $1 billion in losses collectively.
The attack on Heritage Valley Health System disrupted medical care to some patients, officials said.
In the case of the 2017 French presidential election, the Russian officers leaked a tranche of emails belonging to then-candidate Emmanuel Macron two days before the country’s election, in an operation that resembled the hack-and-leak of Democratic emails during the 2016 U.S. presidential election.