Six Russians indicted for NotPetya and other attacks

Six intelligence officers from Russia’s GRU Main Center for Special Technologies (GTsST), known as Sandworm, Telebots, Voodoo Bear or Iron Viking, have been indicted in the US for a series of destructive cyber attacks carried out in the name of the Russian state.

The advanced persistent threat (APT) group was active from approximately November 2015 to October 2019 and during that time is accused of carrying out an extensive campaign of cyber attacks designed to advance Russia’s strategic interests and to undermine and destabilize various targets.

These included the governments of Georgia and Ukraine, the 2017 spring French elections, the 2018 Winter Olympics in Pyeongchang, South Korea, and investigations into Russia’s use of the Novichok chemical weapon in an attack on the United Kingdom, which killed a person.

The group used some of the most destructive strains of malware ever seen, including KillDisk and Industroyer, which were used in attacks on Ukraine’s power grid; Olympic Destroyer, which disrupted the Olympics; and NotPetya, which caused nearly $1 billion in losses to high-profile victims, including logistics giant Maersk.

The indictment charges them with conspiracy, hacking, wire fraud, aggravated identity theft, and false domain name registration. The six are named Yuriy Andrienko, Sergey Detistov, Pavel Frolov, Anatoliy Kovalev, Artem Ochichenko, and Petr Pliskin.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, causing unprecedented damage to pursue small tactical advantages and satisfy outbursts of rancor,” said John Demers, deputy attorney general for national security.

“Today, the department has accused these Russian officers of carrying out the most disruptive and destructive series of computer attacks ever attributed to a single group, including the triggering of the NotPetya malware. No nation will regain greatness if it behaves this way.”

The US investigation was assisted by multiple partners, including cybersecurity firms and allied government agencies, among them the UK’s National Cyber Security Centre (NCSC), which provided vital intelligence on the Olympic cyber attacks.

Chancellor Dominic Raab said: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms. The UK will continue to work with our allies to report and counter future malicious cyber attacks.”

NCSC Director of Operations Paul Chichester added: “We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the United States Department of Justice.

“These attacks have had very real consequences around the world, both for national economies and for people’s daily lives.

“We will continue to work with our partners to ensure that we are the toughest possible target for those seeking to cause disruption and damage in cyberspace.”

The UK has already acted against the GTsST by imposing asset freezes and travel bans, alongside partners in the EU, and had previously attributed spear phishing attacks against the Defence Science and Technology Laboratory’s Novichok research to Russian intelligence.

Sophos Principal Research Scientist Chester Wisniewski said that over the years, Sandworm had played “almost every card” in the cybercriminal’s playbook, including spear phishing, document exploits, credential theft, living-off-the-land tools, supply chain attacks, wipers, and even the use of ransomware as a false flag to mislead researchers.

“It has been a noisy operation and many of us have been waiting for this day for some time,” he said.

“Another result of this noise is that they have inadvertently popularized sophisticated nation-state-level tactics for common criminals to copy. While they weren’t pioneering all of these methods, they certainly perfected them and exposed their usefulness in breaching organizations’ defenses.”

Wisniewski said it was unlikely that any of the six defendants would be arrested or extradited. In fact, their indictment could embolden them even more.

“We are no more confident than we were yesterday, and we must continue to beef up our defenses to be prepared for Sandworm or any of the criminals they have inspired,” he said.

Still, said Sam Curry, Cybereason’s chief security officer, the virtual impossibility of trying any of the defendants in a US court did not mean the publicity of the allegations was wasted.

“While no court can extradite or try the accused, these charges will limit their freedom of movement and travel in various parts of the world,” he said. “A dramatic change in the US or Russian regimes could change the status quo, but it is important to call out the criminals and lay the groundwork for future diplomats, trade, foreign policy and justice to finish the job.

“Finding a new geopolitical cyber norm is a multi-year and possibly multi-generational goal. It is hard to believe that this behavior will lead to significant changes in Russian foreign policy, just as it has not with APT 10 and Chinese foreign policy. But the goal is not just to bring the perpetrators to justice. The goal is to lay the foundation for future work and a more peaceful, democratic and collaborative physical and cyber world one day.”