Life for Russian malicious cyber actors has become much more difficult since the beginning of the invasion of Ukraine.
Governments around the world, along with hacktivist groups like Anonymous, are thwarting Russia in every conceivable way. They have targeted Russia's critical infrastructure, oligarchs and politicians, the financial sector, and even consumer goods like streaming services.
While it's unfortunate that many Russians will be unable to watch their favorite Netflix show, or even access their bank account, it is one of the only ways to assist Ukraine in its fight without escalating the conflict to a full-scale war.
In continuation of the efforts to target Russian threat actors, the United States announced it would be offering $10 million for information leading to the identification of individuals who "participate in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)."
Russian GRU hackers target critical infrastructure
The Department of State's Rewards for Justice (RFJ) program is seeking information on six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
Four GRU officers—Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Petr Nikolayevich Pliskin, and Pavel Valeryevich Frolov—are all wanted for their involvement in a global campaign that aimed to deploy malicious malware for the strategic benefit of Russia through unauthorized entry to networks owned by U.S. organizations.
The RFJ describes their crimes:
"[They] developed components of the NotPetya malware used by the Russian government on June 27, 2017, to infect computer systems of critical infrastructure facilities worldwide. Among the targeted systems were those of U.S. hospitals and medical facilities in the Heritage Valley Health System in Pennsylvania and a large U.S. pharmaceutical manufacturer. These malicious cyber activities enabled the Russian government to damage such facilities and cause nearly $1 billion in financial losses to those and other U.S. entities."
Another GRU officer, Artem Valeryevich Ochichenko, is said to have "conducted technical reconnaissance and participated in spear phishing campaigns used by the Russian government to gain unauthorized access to computer networks of critical infrastructure facilities worldwide, thereby enabling the Russian government to disrupt and damage such facilities."
Anatoliy Sergeyevich Kovalev, the sixth GRU officer, developed spear phishing techniques and messages so that Russia could target critical infrastructure around the world.
The RFJ also tweeted this image of the hackers:
These six individuals work in the GRU's Unit 74455, also known by cybersecurity researchers as Sandworm Team, Telebots, Voodoo Bear, and Iron Viking.
In October 2020, a federal judge indicted these officers on counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
See the Rewards for Justice page on the Russian GRU hackers for more information.
