Russian hackers responsible for NotPetya, KillDisk, Olympic Destroyer attacks: Chester Wisniewski
Six Russians are believed to be members of Sandworm, one of Russia's elite hacking and cyber-war units, according to charges by the US Department of Justice.
In court documents today, US officials said all six suspects are officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.
As part of this unit, US officials said, the six conducted "destructive" cyber-attacks on behalf of and under orders from the Russian government, with the intent to destabilize other countries, interfere in their internal politics, and cause havoc and monetary losses.
If you’re writing a follow-on story about the US charging Russian hackers in the NotPetya, KillDisk and OlympicDestroyer cyberattacks, please feel free to include the below commentary from Chester Wisniewski, principal research scientist, Sophos.
“The indictment of the Russian GRU hackers related to the attacks referred to collectively as "Sandworm" is an interesting development in attempts by Western governments to rein in foreign adversary attacks. Sandworm has operated for more than 10 years and has played nearly every card in the attacker playbook. They are accused of having used spear phishing, document exploits, password stealers, living-off-the-land tools, supply chain hijacking, destructive wipers and have even pretended to be ransomware in efforts to create false flags for investigators. They have been a noisy operation and many of us have been expecting this day to come for some time.
Another result of this noisiness is they have inadvertently popularized sophisticated nation-state level tactics to be copied by everyday criminals. While they did not pioneer all these methods, they certainly perfected them and exposed their usefulness in breaching organizations' defenses.
Considering the accused are members of the Russian military intelligence (GRU), they are unlikely to ever be arrested. Three of the accused were previously indicted for other crimes and these indictments might prove to embolden them rather than curb their behaviour.
We're no safer than we were yesterday, and we need to continue to bolster our defenses to be prepared for Sandworm or any of the garden-variety criminals they have inspired. Were they to be arrested, their replacements are already in training and the relentless thirst of nation-states to compromise and interfere with their adversaries goes undeterred,” said Chester Wisniewski.