The US government formally charged six Russian Intelligence officers for conducting multiple destructive malware attacks. All six individuals were members of Unit 74455 of the Russian Main Intelligence Directorate (GRU). The group is being charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. The indictment states the six men have deployed destructive malware for the strategic benefit of Russia since November 2015. The group attacked Ukraine’s civilian critical infrastructure in 2015, taking down a large portion of the country’s electric power grid. They have also been accused of developing components for NotPetya, Olympic Destroyer, KillDisk malware, as well as preparing spear-phishing campaigns directed against the 2018 PyeongChang Winter Olympic Games. Additionally, in 2018 they launched spear-phishing campaigns targeting organizations investigating the nerve agent poisoning of Sergi Skripal, which took place in the U.K. The NotPetya attack alone is estimated to have caused more than $10 billion in damages and effected several multinational companies. This is not the first time the US Government has indicted GRU officers for conducting cyber-attacks against US entities. One of the six members was previously charged in a separate federal indictment for conspiring to gain unauthorized access to computers of US citizens involved in the 2016 US presidential elections.
The attacks carried out by this group are undoubtedly sophisticated and show how serious the damage from a state sponsored cyberattack can be. That being said it should be noted the group relied heavily on phishing campaigns, typosquatting domains, and spoofed email addresses to gain initial access. No matter how sophisticated a cyber-attack may be, it still needs an entry point. Remaining vigilant and understanding how criminals attempt to deceive individuals remains one of the best defenses against cyber attacks.