On October 19, 2020, the US Department of Justice unsealed an indictment charging six officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the Russian Federation, with crimes related to a series of destructive cyberattacks between November 2015 and October 2019. The GRU hackers are accused, along with co-conspirators, of carrying out computer intrusions and attacks “for the strategic benefit of Russia” in an effort to destabilize or retaliate against the nations of Ukraine and Georgia, the 2017 French elections, an investigation into Russia’s use of the nerve agent Novichok in the UK, and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned amidst doping allegations.
Most notably, the defendants are accused of developing and unleashing the NotPetya malware, which caused significant financial losses and damaged critical infrastructure worldwide, including hospitals and other medical facilities in the Heritage Valley Health System in western Pennsylvania. The three US victims identified in the indictment—Heritage Valley, TNT Express B.V. (a FedEx Corp. subsidiary), and a large US pharmaceutical manufacturer—allegedly suffered more than $1 billion in losses from the NotPetya attacks. In addition to unleashing NotPetya, the alleged hackers are accused of developing and using other highly damaging malware, such as KillDisk, Olympic Destroyer, and Industroyer. According to Assistant Attorney General for National Security John Demers, these hackers conducted “the most disruptive and destructive series of computer attacks ever attributed to a single group[.]”
The six defendants are charged in seven counts, including conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
DOJ Press Release | DOJ Unsealed Indictment | DOJ Indictment – Exhibit A