The State Department is offering a $10 million bounty for the capture of six Russian government hackers accused of switching off a Chernobyl safety system.
On April 26, the six – who work for Russia’s feared GRU intelligence agency – were indicted on a litany of crimes that includes wire fraud, registration of fake domain names, identity theft and intentional damage to a protected computer.
They are: Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32.
The group is thought to be behind the creation of the NotPetya malware. A State Department press release said that the group’s activities have cost U.S. businesses close to $1 billion.
Even more frighteningly, the gang is said to have successfully hacked into a radiation monitor at Chernobyl in 2017 and switched it off.
The nuclear power station in Pripyat, Ukraine, was destroyed by a reactor explosion in 1986, sparking the worst radiation fuel leak of all time. It now sits entombed in a huge concrete sarcophagus, but is constantly monitored to check for further leaks.
The GRU is the Russian intelligence agency that remained in place following the collapse of the Soviet Union and the dissolution of the security agency, the KGB.
According to the U.S. Attorney’s office for the Western District of Pennsylvania, the six defendants are members of an elite team of Moscow-based hackers named the Sandworm Team.
Yuriy Sergeyevich Andrienko and Sergey Detistov are officers in the GRU. Andrienko is a native of Belarus while Detistov hails from the Russian city of Rostov.
Pavel Frolov is from the Russian city of Kaluga while Anatoliy Kovalev comes from Totma; both are officers in the GRU.
Artem Ochichenko is from the city of Sosnovka while Petr Pliskin hails from Khabarovsk, Russia.
Chernobyl is pictured on April 26. Russian hackers are being sought by the US on a $10m bounty and are accused of taking the ruined nuclear power station’s radiation monitor offline in 2017.
The group previously went by the names Telebots, Voodoo Bear and Iron Viking. They are also known as Unit 74455.
Among the attacks the group is blamed for are a series of attacks on Ukraine’s power grid and infrastructure in 2015 and 2017, interfering in France’s presidential election in 2017 and the Winter Olympics in South Korea in 2018.
The 2017 Ukrainian hack saw Chernobyl’s radiation monitoring system being taken offline. Officials at the facility were forced to monitor the radiation in the zone manually. The outage is not believed to have posed any danger to locals.
A spokesperson said at that time that employees were forced to patrol the vicinity of the plant and monitor the radiation with hand-held meters.
U.S. Attorney Scott W. Brady for the Western District of Pennsylvania described Sandworm’s actions as ‘representing the most destructive and costly cyber-attacks in history.’
Novator Business center, 22 Kirova Street, Khimki, Moscow, is thought to be the headquarters of the Sandworm group of hackers.
Brady added, ‘The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.’
‘Time and again, Russia has made it clear: They will not abide by accepted norms, and instead, they intend to continue their destructive, destabilizing cyber behavior,’ said FBI Deputy Director David Bowdich.
The Biden administration warned in March that intelligence indicated that new state-sponsored Russian cyber attacks were forthcoming.
The members of Sandworm were first charged in Pennsylvania in October 2020. The charges were laid there, and the group was implicated in a malware plot involving hospitals in the state in 2017.
The State Department press release read in part, ‘These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other US private sector entities.’
At that time, Kremlin spokesman Dmitry Peskov rejected the accusations and said Russia and Russian special services ‘have never undertaken any hacking attacks, especially against the Olympics.’
‘This resembles regularly occurring relapses of rampant Russophobia, which of course has nothing to do with the reality,’ Peskov said.
Five of the six hackers are accused of building tools designed to hack into systems. Ochichenko, on the other hand, is accused of being involved in spear phishing, a practice of fraudulently misrepresenting yourself in an email in order to implant a virus or malware.
The spear-phishing scam targeted the 2018 Winter Olympics in Pyeongchang, South Korea.
Charging documents say that 29 people with email addresses that ended in the domain ‘pyeongchange2018.com’ received an email purporting to be from the IOC Commission Chairman. The phony email came from the address Olympicgameinfo@gmail.com.
An attachment to the email offered information on delegates who were planning to attend the games. In reality, the attachment contained malware.
The motivation for that attack was the IOC’s banning of Russia from the Olympic Games due to the
As recently as April 2022, Sandworm is thought to have been behind an attempt to cause a power blackout in Ukraine.
The most recent indictment notes that Anatoliy Sergeyevich Kovalev was previously charged in the District of Columbia with conspiring to gain unauthorized access into the computers of U.S. persons and entities involved in the administration of the 2016 U.S. elections.