
U.S. charges Russian military hackers with attacking American companies, targeting foreign elections

Court documents call the attacks, which also targeted electrical power systems, the "most destructive" use of malware.
A poster showing six wanted Russian military intelligence officers is displayed before a news conference at the Department of Justice on Oct. 19, 2020, in Washington. Andrew Harnik / Pool via AP

WASHINGTON — The U.S. Justice Department on Monday accused six Russian computer hackers of causing power blackouts, financial losses of nearly $1 billion and targeting the 2018 Winter Olympics in South Korea.

Court documents said the six were officers in the Russian military's main intelligence directorate and used "some of the most destructive malware to date." Prosecutors said it caused blackouts in Ukraine, victimized the Olympics opening ceremony, and caused losses of nearly $1 billion to Pennsylvania's Heritage Valley Health System and three other U.S. companies, including a large pharmaceutical manufacturer.

The Russians were also accused of hacking and leaking materials targeting French President Emmanuel Macron's political party in 2017, attempting to interfere with the United Kingdom's 2018 investigations into the poisoning of Russian dissident Sergei Skripal and his daughter, and trying to compromise media in the former Soviet republic of Georgia in 2018 and 2019.

John Demers, Assistant Attorney General for National Security, said the behavior detailed in Monday's charges against Russian military officers amounts to an accusation of the most disruptive and destructive computer attacks ever attributed to a single group.

"No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," Demers said.

Charging documents said the Russians used malware known as KillDisk and Industroyer, which caused the power blackouts in Ukraine from December 2015 through 2016; NotPetya, which caused the financial losses in the U.S.; and Olympic Destroyer, which took over thousands of computers used to support the Winter Olympics.

The officers are part of a GRU unit known as "Sandworm," which previous Justice Department indictments said was responsible for hacking U.S. election infrastructure to create personas and leak Democratic party e-mails in 2016.

That unit is responsible for many of the most destructive cyberattacks in history, said John Hultquist, the director of intelligence analysis at the cybersecurity company Mandiant. "This is the actor we worry about most when it comes to the elections, so it's good to see the US is turning up the pressure on them right now," Hultquist said.

"I think this is a warning that we know who these people are, down to the man, and we are not going to be caught unaware," he said.

CORRECTION (Oct. 20, 2020, 10:08 a.m. ET): A previous version of this article misstated the location of the 2018 Winter Olympics. The games were held in South Korea, not China.