WASHINGTON—Federal prosecutors unsealed charges against six Russian intelligence officers accused of engaging in some of the most destructive cyberattacks of recent years, including operations that knocked out Ukraine’s energy grid, exposed emails from the French president’s party and damaged global systems in the costly 2017 NotPetya attack.
The prolific hacking unit within Russia’s military intelligence service, known as the GRU, has previously been linked by U.S. authorities to the cyber interference operations during the 2016 election, and one of the accused has already been indicted by the U.S. in connection with Russian hacking attempts on U.S. election systems.
The indictments, covering alleged activity from 2015 to 2019, reflect how Moscow has become increasingly aggressive in using a range of cyber weapons to achieve its geopolitical aims and attempt to destabilize some of its rivals, prosecutors and analysts said.
Many of the cyberattacks had previously been attributed to the Russian government, but the indictments unsealed on Monday are the first U.S. criminal charges linking them to named Russian intelligence officers. The defendants are charged with several counts including conspiracy, computer hacking, wire fraud and aggravated identity theft.
The named defendants—Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin—are all believed to be residents of Russia and couldn’t be reached for comment. They are unlikely ever to be extradited to the U.S.
All six were placed on the FBI’s most wanted list. Mr. Kovalev was also indicted in 2018 by former special counsel Robert Mueller in relation to Russian hacking attempts on U.S. election systems ahead of the 2016 election.
The charges landed 15 days before the 2020 presidential election, which U.S. intelligence officials have repeatedly warned is being targeted by Moscow. Russia has denied Western allegations that it engages in destructive cyber operations against other nations.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.
The attacks spanned four years and reached across the world, from Pennsylvania to the Korean Peninsula.
In December 2015 and December 2016, hundreds of thousands of Ukrainians temporarily lost power in cyberattacks on Russia’s neighbor’s energy grid. Two days ahead of the 2017 French presidential election, the Russian officers leaked a tranche of emails belonging to then-candidate Emmanuel Macron, in an operation that resembled the hack-and-leak of Democratic emails during the 2016 U.S. presidential election.
The charges also link Moscow to cyberattacks on the 2018 Winter Olympics in South Korea, where internet systems were disrupted during the opening ceremony in apparent retaliation for doping bans that had been placed on Russian athletes. The attack, in which Russia unsuccessfully attempted to camouflage its actions as the handiwork of North Korean hackers, “combined the emotional maturity of a petulant child with the hacking skills of a nation state,” Mr. Demers said during a press call.
Separately, the British government on Monday accused the GRU of targeting the 2020 Olympic and Paralympic games in Tokyo earlier this year, before their postponement due to the coronavirus pandemic. Organizers, logistics services and sponsors were targeted, the British said.
“Today’s indictments of GRU officers reads like a laundry list of many of the most important cyberattack incidents we have ever witnessed,” said John Hultquist, director of intelligence analysis at FireEye Inc., a U.S.-based cybersecurity firm.
Monday’s charges, returned last week by a grand jury in Pittsburgh, additionally accuse the intelligence officers of a spearphishing campaign against the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defence Science and Technology Laboratory in search of information related to investigations into the poisoning of former Russian spy Sergei Skripal, his daughter, and several U.K. citizens. The charges also accuse the hackers of targeting businesses and the government in the nation of Georgia.
The NotPetya operation, launched in June 2017, has been described by security analysts and government officials as the most destructive cyberattack. It combined ransomware and wiper software that destroyed data and invaded corporate networks mainly through a corrupted software update from a small firm in Ukraine. The attack crashed many systems world-wide and altered basic administrative data, which made recovering downed computer systems difficult.
NotPetya cost businesses around the world billions of dollars. On Monday, authorities highlighted that just three companies—Heritage Valley Health System, a FedEx Corp. subsidiary and a large U.S. pharmaceutical manufacturer—allegedly suffered collectively about $1 billion in losses.
The attack on Heritage Valley Health System in Pennsylvania disrupted medical care to some patients and affected two hospitals, 60 physician offices, and 18 community satellite facilities, the indictment said.
The GRU team known as Unit 74455 that was implicated in Monday’s charges is commonly known among researchers as Sandworm and widely viewed as among the most capable and dangerous hacking groups in the world.
“They are the most aggressive actor I have ever encountered and they have been my greatest concern for the upcoming election,” said Mr. Hultquist, who has tracked the group for years.
Earlier this year, U.S. intelligence agencies said Russia was attempting to interfere in the 2020 presidential election to denigrate Democratic nominee Joe Biden.
Last month, Russian President Vladimir Putin proposed that Moscow and Washington agree to a pact that would guarantee neither nation interferes in the other’s elections—an offer widely criticized by cybersecurity experts as one made in bad faith.
On Monday, Mr. Demers said the unsealed charges “provide a useful lens for evaluating Russia’s offer two weeks ago for a reset in cyber relations between Russia and the United States.”