Future Tech

US charges six Russian agents for hacking that cost billions

Tan KW
Publish date: Tue, 20 Oct 2020, 11:48 PM

The US charged six current and former members of Russia’s military intelligence agency for allegedly carrying out some of the world’s most destructive hacking attacks from 2015 to 2019, including knocking out Ukraine’s power grid and causing almost US$1bil in damage to three American companies.

The hackers allegedly carried out attacks against the 2017 elections in France and the 2018 Pyeongchang Winter Olympic Games, according to an indictment unsealed by the US Justice Department on Monday.

“According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorised access to victim computers,” the department said.

The hackers from the military intelligence unit known as GRU allegedly spread what is known as NotPetya malware, which damaged computers used for critical infrastructure, including impairing the administration of medical services by a hospital system in Pennsylvania.

“The attack caused the unavailability of patient lists, patient history, physical examination files and laboratory records,” according to the department.

The NotPetya attack also caused about US$400mil in damages to a subsidiary of FedEx Corp and more than US$500mil in damages to a large US pharmaceutical manufacturer, which the indictment didn’t identify. Merck & Co has been previously identified as one of the targets.

None of the charges involved the current US presidential campaign, although the FBI and other agencies say Russia continues trying to interfere in US politics.

“No country has weaponised its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and fits of spite,” John Demers, head of the department’s national security division, told reporters during a news conference on Oct 19.

Demers said the release of the indictment wasn’t particularly intended to send a message to Russia against interfering in the 2020 election. He said US agencies haven’t seen evidence that hackers can compromise voting in this year’s election.

“Americans should be confident that a vote cast for their candidate will be counted for that candidate,” Demers said.

The US Justice Department also said the investigation was aided by social media companies Facebook Inc and Twitter Inc, as well as Alphabet Inc’s Google and Cisco Systems Inc.

‘Voodoo Bear’

The hackers are part of a group known variously as “Sandworm Team” and “Voodoo Bear” among cybersecurity experts. The group’s espionage and sabotage hacking operations are “highly advanced” and consistent with “Russian economic and national objectives”, according to an analysis by the firm Crowdstrike Inc. The group has an interest in “targeting critical systems” and disrupting infrastructure, according to an analysis by the firm FireEye Inc.

The timing of the indictment, weeks before the US presidential election, is notable. A separate hacking unit that is associated with Russia’s GRU meddled in the 2016 US election, and Microsoft Corp recently found that group attempting to hack political targets ahead of the 2020 election.

In addition, one of the defendants in the indictment unsealed on Monday was also charged in 2018 by the US for hacking tied to the 2016 election. He conspired “to gain unauthorised access into the computers of US persons and entities involved in the administration of the 2016 US elections”, according to the Justice Department.

The US intelligence community has assessed that Russia is attempting to help President Donald Trump succeed and hurt his rival, former Vice President Joe Biden. The US also indicted hackers from GRU in October 2018, before the midterm elections. Russia denies any role.

The UK’s Foreign Office said Monday that the GRU had conducted “cyber reconnaissance against officials and organisations” involved in the 2020 Olympic and Paralympic Games that were to take place in Tokyo over the summer. The games were postponed because of the coronavirus pandemic. The Foreign Office added that the GRU tried to make it look like its attacks on the 2018 Winter Games in South Korea were the work of North Korean and Chinese operatives.

“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms,” Foreign Minister Dominic Raab said. “The UK will continue to work with our allies to call out and counter future malicious cyberattacks.”

 - Bloomberg
