The alleged attacks hit targets in Ukraine, the 2018 Winter Olympics in South Korea, and western Pennsylvania.
“No country has weaponized its cyber-capabilities as maliciously and irresponsibly as Russia,” Assistant Attorney General John C. Demers said at a DOJ press conference.
The defendants are six current and former members of GRU, Russia’s military intelligence service. The DOJ said the attacks began in November 2015 and continued until at least October 2019. The allegations do not include any interference in U.S. elections.
The alleged attacks include malware strikes against the Ukrainian power grid, Ministry of Finance, and State Treasury Service; spearphishing campaigns and attacks against French President Emmanuel Macron’s political party, local French governments, and French politicians before their 2017 elections; the global NotPetya malware attack that infected computer worldwide including those in medical facilities in western Pennsylvania and a large American pharmaceutical company; the Olympic Destroyer attack that targeted computers supporting the 2018 Olympics; a spearphishing campaign targeting South Korean officials and citizens, as well as Olympic athletes; another spearphishing campaign against the United Kingdom’s Defence Science and Technology Laboratory, and attacks targeting government entities and companies in Georgia.
The NotPetya attack alone allegedly resulted in nearly $1 billion in losses, the DOJ said.
The Olympic attacks allegedly came after Russian athletes were banned from competing under the Russia flag due to their country’s government-sponsored doping efforts.
Demers said that the alleged attacks provide “a useful lens” through which to view Russia’s recent offer of a cyber-relations “reset” with the U.S.
“This indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic, political, and economic systems of other countries, thus providing cold reminder why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda,” Demers said.
The defendants – Yuriy Sergeyevich Andrienko, Sergey Vladimirovich , Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin – are charged with conspiracy, computer hacking, wire fraud, aggravated identity theft and false registration of a domain name.
“The crimes committed by these defendants,” said Western District of Pennsylvania U.S. Attorney Scott Brady, “are truly breathtaking in their scope, scale, and impact.”
The Justice Department thanked tech companies including Google, Facebook and Twitter for assisting them in their investigation, but did not explain how they helped.