20 October 2020

US charges six Sandworm hackers for NotPetya ransomware attacks, other disruptive campaigns


US charges six Sandworm hackers for NotPetya ransomware attacks, other disruptive campaigns

The U.S. Department of Justice has charged six Russian nationals for computer hacking related to the Pyeongchang Winter Olympics, the 2017 French elections, and the NotPetya global ransomware attack. All six defendants are believed to be part of a hacking group tracked as “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”

The indictment said the group of hackers, who allegedly work for the Russian GRU, deployed in their attacks “some of the world’s most destructive malware to date,” including the KillDisk and Industroyer (also known as Crash Override) malware used in attacks against power grid in Ukraine, the NotPetya ransomware that spread across the world in 2017, and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.

Prosecutors also accused the six hackers for attempting to disrupt the 2017 French elections by launching a “hack and leak” operation to discredit the then-presidential frontrunner, Emmanuel Macron, as well as launching spear phishing campaigns aimed at Georgian companies and government entities.

The alleged hackers - Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32 - are all charged with seven counts, including conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.

One of the indicted individuals, Anatoliy Sergeyevich Kovalev, was previously charged in 2018 for hacking the DNC and running the DCLeaks site.

Back to the list

Latest Posts

Fujitsu discloses malware infection, warns of possible data leak

Fujitsu discloses malware infection, warns of possible data leak

The tech giant did not specify what kind of malware its systems have been infected with.
19 March 2024
ShadowSyndicate ransomware group targeting Aiohttp flaw

ShadowSyndicate ransomware group targeting Aiohttp flaw

Organizations are urged to update to Aiohttp v3.9.
18 March 2024
The International Monetary Fund discloses cyberattack affecting 11 email accounts

The International Monetary Fund discloses cyberattack affecting 11 email accounts

The organization did not share any additional details regarding the nature of the attack.
18 March 2024