US charges six Sandworm hackers for NotPetya ransomware attacks, other disruptive campaigns

The U.S. Department of Justice has charged six Russian nationals with computer hacking related to the PyeongChang Winter Olympics, the 2017 French elections, and the NotPetya global ransomware attack. All six defendants are believed to be part of a hacking group tracked as “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”


The indictment said the group of hackers, who allegedly work for the Russian GRU, deployed in their attacks “some of the world’s most destructive malware to date,” including the KillDisk and Industroyer (also known as Crash Override) malware used in attacks against the power grid in Ukraine, the NotPetya ransomware that spread across the world in 2017, and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.


Prosecutors also accused the six hackers of attempting to disrupt the 2017 French elections by launching a “hack and leak” operation to discredit the then-presidential frontrunner, Emmanuel Macron, as well as launching spear phishing campaigns aimed at Georgian companies and government entities.


The alleged hackers - Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32 - are all charged with seven counts, including conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.


One of the indicted individuals, Anatoliy Sergeyevich Kovalev, was previously charged in 2018 with hacking the DNC and running the DCLeaks site.