Posted on April 30, 2022 at 11:05 AM
The U.S. government has announced a bounty of $10 million for anyone with information about 6 Russian GRU hackers from the infamous Sandworm hacking group.
The bounty is part of the Rewards for Justice Program offered by the U.S. Department of State. It offers different levels of rewards to informants and whistleblowers for information leading to the identification or the location of foreign state-sponsored actors on U.S. soil.
The State Department stated that the accused individuals worked on behalf of the Russian government and conducted malicious cyber activities against U.S. critical infrastructure, which violates the Computer Fraud and Abuse Act.
The Accused Are Part Of The Sandworm APT Group
It also noted that the 6 Russians involved in the act are all part of the advanced persistent threat group known as Sandworm, also called Iron Viking or Voodoo Bear. The group has been operating since 2008 and has been targeting critical infrastructure in Ukraine and other Western countries. The goal of the group has always been to establish a long-term presence to steal highly sensitive data.
The State Department has also named the hackers and pointed out the roles they played in the hacking activity.
Anatoliy Sergeyevich Kovalev allegedly developed spear-phishing messages and techniques, the method utilized by the Russian government to infiltrate computer systems of critical infrastructure.
Artem Valeryevich Ochichenko was involved in a spear-phishing and technical reconnaissance campaign to access IT networks of critical infrastructure in several countries.
Yuriy Sergeyevich Andrienko, Pavel Valeryevich Frolov, Sergey Vladimirovich Detistov, and Petr Nikolayevich Pliskin were involved in the development of tools for the Olympic Destroyer and NotPetya malware. The malware was deployed by the Russian government in June 2017 to infect computer systems.
Rewards For Justice Launches Website For Whistleblowers
The U.S. Justice Department indicted the officers on October 15, 2020, for their various leading roles in disrupting and destabilizing other nations through destructive malware attacks. The Department charged them with aggravated identity theft and conspiracy to commit wire fraud.
In line with the initiative, Rewards for Justice has launched a website that is open to the public, where anyone can provide information they find relevant about the threat actors. They are allowed to share the information through WhatsApp, Telegram, or Signal. They are also permitted to share it without disclosing their identity.
The Sandworm group has been linked to a series of highly technical hacking incidents in the past. Recently, the group was linked to the sophisticated botnet malware called Cyclops Blink. The botnet corrupted routers and internet-connected firewall devices from ASUS and WatchGuard.
The group has also been associated with other recent hacking incidents, which include deploying the latest version of the Industroyer malware on high-voltage electrical systems in Ukraine. The campaign started as soon as Russia’s invasion of Ukraine began, although it has been neutralized.
The hacking activities associated with the Sandworm group also include destructive malware attacks against Ukraine’s Ministry of Finance and power grid using the malware known as KillDisk, Industroyer, and BlackEnergy.
Apart from information about the 6 Sandworm group members, Rewards for Justice is also interested in information about other threat actors. These include the North Korean cybercrime threat actors, DarkSide ransomware, REvil ransomware, and other nation-state hackers that target U.S. critical infrastructure.
It is believed that the headquarters of the Sandworm hacking group is in the Novator Business Center in Khimki, Moscow.
The U.S. Says The Accused Must Face Justice Individually
U.S. Attorney for the Western District of Pennsylvania Scott W. Brady described the actions of the Sandworm group as ‘representing the most destructive and costly cyber-attacks in history’.
Brady added that Russian government officials committed the crimes against real victims that suffered real harm. Those who committed the crimes should be held accountable personally for their crimes irrespective of their affiliations to the Russian government. He stated that it doesn’t matter who they work for or where they reside, law enforcement must seek justice on behalf of these people.
Last month, the Biden administration warned that there is strong intelligence that Russia is preparing to launch a new state-sponsored attack on Ukraine, the U.S., and other nations.
In line with Brady’s statement, FBI Deputy Director David Bowdich stated that Russia has proven that it is not ready to abide by accepted terms and wants to continue its destabilizing and destructive cyber actions.