The US Department of Justice is indicting six hackers, members of the Russian military intelligence service, who are said to be responsible, among other things, for the NotPetya attacks and for the MacronLeaks campaign to influence the French elections in 2017. A statement from John Hultquist, Senior Director of Analysis at Mandiant Threat Intelligence, follows.
“Today's indictment against Russian military intelligence officers contains some of the most aggressive cyberattacks and disinformation campaigns we have ever seen carried out by the Sandworm hacking group. These include repeated successful attacks on the Ukrainian power grid, the economically devastating suspected ransomware attacks with NotPetya, the influencing of the French elections in 2017 and the attack on the Olympic Games in Pyeongchang. Incidentally, even if it is not mentioned in this indictment, Sandworm was also involved in the interference in the US elections in 2016: The group managed the publication of sensitive information in the "Hack and Leak" campaign and gained access to the election infrastructure.
Attack on the Olympics in Pyeongchang
The attack on the Pyeongchang Olympics was the culmination of a long-running campaign to harass and discredit the Olympic community. It started a few hours after the decision to disqualify Russian athletes from the Games was made. Even before the devastating attack, Sandworm and other units of the Russian military intelligence service orchestrated DDoS attacks, “hack and leak” campaigns and other attacks in which hackers even physically traveled to attack organizations at close range.
They targeted the games with an aggressive attack that was supposed to bring them to a standstill, which almost succeeded. The attack was carried out using malware that bore many similarities to the tools North Korea uses - yet the link to Sandworm was exposed. The hackers tried to mislead investigators - but interference was suspected even before the Games began, and many investigators ultimately attributed the incident to Russia.
Hacker activities should finally be officially recognized
Although the deception was transparent, Russia managed to come up with a workable alternative explanation for the attack, so that it was to some extent contestable. In addition, Russia was able to avoid a backlash from the international community. It is important that the activities are finally officially recognized, because Russia has so far escaped any official allegation.
The importance of these events as the US election is imminent should not be underestimated. We're talking about the hackers who targeted the 2016 US election. If the wrong impression has arisen that Russia then exercised restraint, the attack on the Winter Olympics proves the opposite. It was an act of international harassment using means that we may see again in the 2020 US presidential election.
MacronLeaks
The interference by hackers in the 2017 French elections is particularly noteworthy. We also consider a very late “hack and leak” campaign, such as that carried out in France, to be a possible scenario in the USA. The incident in France shows that drastic interventions are possible until shortly before the decision is made. In 2017, the leaked information also contained falsified material - we should always keep in mind that hackers can mix legitimate, stolen information with fake material.”