The US has charged six Russian hackers over a series of global cyber attacks, including trying to undermine UK efforts to hold Moscow accountable for the Salisbury spy poisoning.
Mug shots of the men, aged between 27 and 35, were released on a poster with the words: “Wanted by the FBI”.
The charging announcement came as Britain accused Russian cyber spies of attacking the 2020 Olympics and Paralympics before they were postponed, and of posing as Chinese and North Korean hackers to target the 2018 games.
Dominic Raab, the foreign secretary, described the actions of Russia’s GRU military intelligence service as “cynical and reckless”.
The UK named the specific group it said was behind the attacks as the GRU’s Main Centre for Special Technologies, also known as Unit 74455.
This is the same group of hackers that allegedly targeted the 2016 US presidential election.
The US Justice Department said a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, who are all allegedly members of Unit 74455.
It accused the hackers “and their co-conspirators” of cyber attacks, including against the UK’s defence laboratory at Porton Down and the UN’s chemical weapons watchdog in the Hague in April 2018, as both organisations investigated the poisoning of former Russian spy Sergei Skripal and his daughter Yulia in Salisbury.
The UK accused Russia of the nerve agent attack with a novichok toxin.
One of the six men – Anatoliy Sergeyevich Kovalev, 27 – was specifically accused of having developed “spearphishing techniques and messages used to target… employees of the DSTL,” referring to the UK’s Defence Science and Technology Laboratory at Porton Down.
The hackers were also charged with targeting the French presidential election in 2017. Then-presidential candidate Emmanuel Macron’s campaign was hit by a hack-and-leak attack just ahead of polling day.
In addition, on the list of charges was what is regarded as the world’s most devastating cyber attack to date – the NotPetya attack against Ukraine in June 2017.
The attack went viral, hitting companies globally, including in the United States and the UK, and inflicting some $10 billion in damage.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” US Assistant Attorney General for National Security John C. Demers said.
“Today the Department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”
Other attacks linked to the group included those against Georgia and the 2018 Pyeongchang Winter Olympic Games in South Korea.
The suspects were named as Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32.
Naming and issuing charges is still a long way from bringing anyone to trial. As the suspects are allegedly Russian nationals living in Russia it is very unlikely they will be handed over to US prosecutors.
But the act of issuing the indictment will prevent them from being able to travel to the United States or anywhere that the US has an extradition agreement with – a move that the US regards as having a deterrent effect against anyone considering a future cyber attack.
In its separate statement, the Foreign, Commonwealth and Development Office accused Russia of conducting “reconnaissance” against organisers of the 2020 summer games in Tokyo before the event was delayed because of the coronavirus pandemic.
Targets also included companies involved in logistics for the games as well as sponsors.
The games had been scheduled to take place from 23 July to 8 August but were postponed in March until 2021.
Details of the reconnaissance were not revealed but it could involve things like setting up fake websites pretending to be a particular organisation, or creating accounts pretending to be a certain individual.
The aim could well have been to try and disrupt the global sporting bonanza at a time when Russia is banned from taking part for four years because of a doping scandal.
“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms,” Mr Raab said in a statement.
“The UK will continue to work with our allies to call out and counter future malicious cyber attacks.”
The timing of the UK’s allegation is in part intended to raise awareness about the cyber threat as organisers prepare to hold the delayed Olympics next year in Japan.
The Foreign Office also for the first time confirmed details about a 2018 cyber attack on the Winter Olympic and Paralympic Games in Pyeongchang.
“The GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 Winter Games,” it said.
“It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games in 2018. The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.”
The Russian hackers’ alleged attempt to cover their tracks included using certain snippets of code and techniques to try to confuse investigators into thinking they were from China and North Korea.
The UK’s National Cyber Security Centre, a branch of GCHQ, believe Russia’s aim was to sabotage the running of the games, the Foreign Office said.
It noted that the malware used by the hackers in the 2018 attack was designed to wipe data from, and disable, computers and networks.
“Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption,” the Foreign Office said.
GRU Unit 74455 is also known by a number of other names, including Sandworm, BlackEnergy Group and Voodoo Bear.
The UK has previously attributed other major cyber attacks to the group, including the June 2017 NotPetya attack against financial, energy and government sectors in Ukraine.