The Department of Justice on Thursday announced criminal charges against seven Russian military officers for a wide-ranging hacking operation against sporting and anti-doping agencies in the United States, Canada, and Europe.
Russian athletes were barred from officially representing their country at the 2018 Winter Olympics over alleged doping, and the indictment accuses the members of the GRU, Russia’s intelligence directorate, of using cyber-operations to obtain private health data on athletes at anti-doping agencies and then publicly leak the data.
Russian operatives dumped the private medical information of more than 250 athletes on social and traditional media toward that end, according to John Demers, assistant attorney general for national security.
“All of this was done to undermine those organizations’ efforts to ensure the integrity of the Olympic and other games,” Demers said Thursday in announcing the charges.
The indictment also accuses GRU hackers of targeting the Netherlands-based Organization for the Prohibition of Chemical Weapons (OPCW) and the Switzerland-based Spiez Laboratory, both of which were investigating the poisoning of a former Russian agent in Salisbury, England. Furthermore, the document alleges a GRU attempt to infiltrate the computer networks of a U.S. nuclear power company, Westinghouse Electric Corp., which does business in Ukraine.
“The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory, and damaging to innocent victims and the United States’ economy, as well as to world organizations,” FBI Director Christopher Wray said in a statement.
Three of the alleged GRU officers indicted Thursday were also charged by the DOJ in July for allegedly hacking into the Democratic National Committee and the Democratic Congressional Campaign Committee during the 2016 presidential campaign.
The defendants were charged with one count each of conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
The seven defendants, whom DOJ said all live in Russia, are: Dmitriy Sergeyevich Badin, 27, Artem Andreyevich Malyshev, 30, and Alexey Valerevich Minin, 46, Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich Serebriakov, 37, Oleg Mikhaylovich Sotnikov, 46, and Ivan Sergeyevich Yermakov, 32.
Only one piece of the story
Thursday’s charges are the latest move in an ongoing U.S. law enforcement effort to crackdown on Kremlin hacking.
Since Russia’s interference in the 2016 U.S. election, American officials have sought to deter Russian hacking through criminal charges and sanctions. (They have also said that, if necessary, offensive cyber-operations would be brought to bear to defend U.S. democracy.) Nonetheless, evidence of aggressive Russian government cyber activity has continued to mount as U.S. officials grapple with how to deter it.
Thursday’s DOJ charges coincide with a flurry of denunciations of alleged GRU hacking from Western governments this week. The British government has accused the Russian intelligence agency of “indiscriminate and reckless cyberattacks targeting political institutions, businesses, media and sport.” A Russian Foreign Ministry spokesperson denied the allegation.
For their part, Dutch government officials on Thursday laid out how they disrupted the alleged GRU attempt to hack into the OPCW in April.
At Thursday’s press conference, Demers said the four GRU officers had been “caught red-handed” trying to breach the OPCW. The DOJ indictment alleges that the Russian spies traveled to OPCW’s headquarters in The Hague using Russian diplomatic passports and checked into a hotel adjacent to the OPCW. They then allegedly pointed an antenna at the building, attempting to intercept WiFi signals emanating from it, before Dutch intelligence officials broke up the operation.
Jens Stoltenberg, secretary of the North Atlantic Treaty Organization, tweeted that NATO “stands in solidarity with the Dutch & UK governments in calling out Russia on its cyberattacks” on the OPCW and other organizations.
A showdown in Europe
Also on Thursday, cybersecurity company Symantec unveiled research on the GRU-linked hacking group known as Fancy Bear showing that the group had conducted stealthy, intelligence-gathering operations on government targets in Europe and South America.
Symantec researchers found that the Russian group had reconfigured some of its hacking tools to avoid detection and set its sights on multiple military and government organizations in Europe, among other potential intelligence assets.
One example of that “re-tooling” is a rewriting of the so-called X-Tunnel malware the group uses to maintain access to compromised networks via an encrypted tunnel. “Usually they do this type of thing to try to evade detection,” Dick O’Brien, principal editor at Symantec, told CyberScoop. “The tool is still the same, but the fingerprint is a little bit different.”
Other Fancy Bear targets listed in the Symantec report, which covers activity in 2017 and 2018, include an Eastern European country’s embassy and a “well-known international organization.”
O’Brien said the European military targets could include organizations such as defense ministries or the armed forces. The Russian hacking group has appeared to single out specific people within those organizations to target, he said. Symantec did not specify which organizations are being probed by Fancy Bear.
Russian motives for surveilling European military assets are clear. For example, Moscow views the North Atlantic Treaty Organization, the military alliance that includes Baltic countries bordering Russia, as an encroachment on its geopolitical neighborhood.
On a visit to Lithuania last month, German Chancellor Angela Merkel said Berlin was building out its military cyber capabilities in response to Russia’s “hybrid warfare” — things like propaganda and cyber operations — on NATO troops (Moscow has denied such allegations).