GRU Agents Indicted for Hacking Multiple Targets

The DoJ has charged six Russians with a huge range of computer crimes. Allegedly working for the GRU, the six are said to have “used some of the world’s most destructive malware.”

The six are accused of attacking Ukraine, Georgia, the 2017 French elections, efforts to hold Russia accountable for the attempted murder with Novichok in the UK, and the 2018 Winter Olympics. They’re also suspected of being behind the NotPetya not-ransomware, and of preparing to hack the 2020 Olympics before it was postponed (what with one thing and another).

Here we go again. In today’s SB Blogwatch, we kick mother Russia with our winklepickers.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: MTBware.


Enter Sandworm

What’s the craic? Michael S. Schmidt and Nicole Perlroth report—“U.S. Charges Russian Intelligence Officers”:

 The Justice Department on Monday unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign [with] targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics. Prosecutors said the suspects were from the same unit that helped distribute stolen Democratic emails in the 2016 election.

The prosecutors [said it] showed how Russia sought in recent years to use its hacking abilities to undermine democratic institutions and ideals, retaliate against enemies and destroy rival economies. … The Russian Embassy in Washington strongly denied the allegations.

Prosecutors said the suspects worked for Unit 74455 of the Russian intelligence Main Directorate, commonly referred to as the GRU, [a unit] known among cybersecurity analysts as Sandworm. [John C.] Demers, the Justice Department’s top national security official, took direct aim at President Vladimir V. Putin of Russia. … “No nation,” Mr. Demers said, “will recapture greatness while behaving in this way.”

And Dan Goodin says the six are “accused of the world’s most destructive hacks,” listing some of their alleged dirty deeds:

 NotPetya: the 2017 disk-wiping worm that shut down the operations of thousands of companies and government agencies around the world. Disguised as ransomware, NotPetya was in fact malware that permanently destroyed petabytes of data.

Ukrainian Government and Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service.

French Elections: April and May 2017 … targeting French President Emmanuel Macron’s … party, French politicians, and local French governments prior to the 2017 French elections.

Novichok Poisoning Investigations: April 2018 spear-phishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (“OPCW”) and the United Kingdom’s Defence Science and Technology Laboratory’s (“DSTL”) into the nerve agent poisoning of Sergei Skripal, his daughter, and several UK citizens.

PyeongChang Winter Olympics. … Georgian Companies and Government Entities.

Not only the 2018 Winter Olympics, but also the postponed 2020 Tokyo Olympics, we’re told. Jack Stubbs and Christopher Bing recount the alleged “Russian hacking spree, cyberattacks against Olympics”:

 Britain and the United States … condemned what they said were a litany of malicious cyberattacks orchestrated by Russian military intelligence, including attempts to disrupt next year’s Olympic and Paralympic Games. … Russia was banned in December from the world’s top sporting events, including the Tokyo Games, for four years over widespread doping offences.

British officials said the GRU hackers … conducted “cyber reconnaissance” operations against organisers of the 2020 Tokyo Games [saying] they had targeted Games organisers, logistics suppliers and sponsors. … The attacks on the 2020 Games are the latest in a string of hacking attempts against international sporting organisations that Western officials and cybersecurity experts say have been orchestrated by Russia since its doping scandal erupted five years ago.

The hack of the 2018 Winter Olympics opening ceremony in South Korea … compromised hundreds of computers, took down Internet access and disrupted broadcast feeds. [It] was made to look like the work of Chinese or North Korean hackers, Britain’s foreign ministry said.

But it’s not as if the DoJ expects to extradite the six, right? If the cap fits, Iphtashu Fitz: [You’re fired—Ed.]

 What good is an indictment like this if the defendants are likely still in Russia and continuing to be supported by the Russian government in perpetrating more attacks like those outlined here?

So dredmorbius strips the issue to its essence:

 It’s effectively a reputational attack [that] renders its target only viable to, and therefore beholden to, [Russia]. [It] also tips the issuing agency’s hand as to surveillance and intelligence capabilities, and puts on notice others performing similar work.

A key aspect of much (not all) state-actor covert ops is impunity. This may be actual legal immunity (e.g., diplomatic cover), or simply the threats of national-level retaliation (across a wide range: sanctions, diplomatic, treaty, counterespionage or ops, military, international courts, UN or other international entity sanctions).

The US DoJ’s indictment has little power inside Russia, at least under that country’s present leadership, but has significant import elsewhere, including outside the US, or under a possible future Russian government. Say, perhaps, one led by targets of the present leadership.

And this Anonymous Coward agrees:

 Yes, and these things hang around a long time. If you’re in your 20s, the idea of trying to avoid slipping up, or the hope that your government doesn’t need to do some kind of deal and find you a convenient pawn in that deal sometime in the next 80 years, is a rather ****ing daunting prospect.

You’ve essentially got to believe your own bull**** that Putin’s neo-Soviet empire is going to be around forever, and you’re never going to leave it. … People that irrational don’t exactly make for the most intelligent types anyway. [So] this kind of action deprives the GRU of the brightest and best.

It’s inherently contradictory to be the brightest and best, yet believe in Putin’s neo-Soviet empire like a first class puppet. … Most intelligent people in Putin’s Russia either flee or end up in jail for precisely this reason—because they’re intelligent enough to see what a ****show the current state of Russia is.

However, that’s not all, says Deputy Cartman:

 Sometimes they get so brazen / cocky / arrogant, or just simply have a brain fart, and they travel to a country friendlier with the US than Russia, be it for business or vacation, at which point YOINK!

It’s happened before: [Pyotr Levashov, Evgeny Nikulin, Stanislav Lisov, Yury Martyshev, Alexander Vinnik]

But what price delay? John Hultquist sounds very worried:

 What do you do when you almost successfully attack one Olympics, no government calls you out, and you’re banned from another? You attack the next one.

Today’s indictments are a laundry list of Sandworm’s misdeeds, some of which were never officially recognized until now. They are the most aggressive actor I have ever encountered.

The Pyeongchang Olympics attack was the culmination of a lengthy harassment campaign following Russia’s ban from the Games in South Korea. … They sent an away team to hack orgs from right outside.

Despite industry’s insight, until now, no one in the international community has laid this attack at Russia’s feet. For over two years they haven’t even been officially accused for an attack on the entire international community. That’s a lot of breathing room.

Russia was not cowed after 2016. They were emboldened. They carried out a vindictive attack on an international event of goodwill. That’s the Russia that we’re facing right now. … Emboldened by inaction.

Meanwhile, I ain’t Spartacus has some sympathy (but not much):

 What I think the Russian government need is a nice cup of tea and a sit down, with someone sympathetic to … tell them to calm the **** down. Their problem seems to be that they want to be perceived as badass supervillains, at the same time they want to be liked and respected.

And Finally:

Why Norton Antivirus is Useless

Hat tip: Patchouli Woollahra

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Department of Information and Mass Communications of the Ministry of Defense of the Russian Federation (cc:by)


Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
