US indicts six Russian officers for NotPetya, Ukrainian blackouts, other attacks


The United States have indicted six Russian from the GRU intelligence agency for their alleged roles in a series of attacks causing billions of dollars in damage to the private sector. The officers were part of a group known as Sandworm or Telebots, and known for NotPetya, an attack on the Olympic Games and downing the Ukranian power grid.

On Monday, the Department of Justice announced a Pittsburgh grand jury indicted Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin on Oct. 15.

"Today’s allegations, in their entirety, provide a useful lens for evaluating Russia’s offer two weeks ago of a cyber 'reset' between Russia and the United States," said Assistant Attorney General for National Security John Demers at a press conference. He added later: "This indictment lays bare Russia’s use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda."

Andrienko, Detistov, Pliskin and Frolov are charged with activities in connection to NotPetya, an attempt to sabotage Ukraine disguised as ransomware, launched in 2017. NotPetya propagated well beyond Ukraine. It ultimately caused billions of dollars in damage in the private sector, most notably to the shipping firm Maersk, Merck and the law firm DLA Piper.

Five of six defendants (all but Detistov) were charged in connection to attacking the Olympics in 2018 after the International Olympic Commission barred Russian Athletes from competing, citing corruption in drug testing. Those attacks including hacking the South Korean host, the IOC and athletes and "Olympic Destroyer" malware that disrupted WiFi at the stadiums.

Frolov and Kovalev were charged for attacks on the Ukranian power grid, Ministry of Finance, and State Treasury Service, resulting in blackouts.

Ochichenko and Kovalev are accused of attacks on the country of Georgia, and Kovalev is accoused of a hack and leak campaign targeting French President Macron's En March! political party.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.