DOJ Charges 6 GRU Hackers for NotPetya Wiper Attacks

The U.S. Department of Justice has indicted six Russian intelligence operatives for the 2017 NotPetya malware attacks and other major hacking operations. All six individuals are believed to be members of Russia’s Main Intelligence Directorate, GRU, and specifically GRU Unit 74455, otherwise known as Sandworm.

The hackers are believed to be responsible for the June 27, 2017 destructive NotPetya attacks, which have been estimated to have caused more than $10 billion in damages. Victims included TNT Express, Maersk, pharmaceutical giant Merck, and many others, including several hospitals and medical centers.

The hackers also conducted spear phishing attacks to disrupt the 2017 French Elections, including attacks on local French government, President Macron’s political party, and several French politicians. The hackers conducted multiple attacks on Ukraine’s electric power grid, the Ministry of Finance, and the State Treasury Service using BlackEnergy, Industroyer, and KillDisk malware.

They also conducted cyberattacks on the PyeongChang Winter Olympics hosts, participants, partners, and attendees; attempted to disrupt investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the Salisbury Novichok poisonings; and carried out several attacks on Georgian companies and government entities.

“The crimes committed by these defendants and Unit 74455 are truly breathtaking in their scope, scale and impact,” said U.S. Attorney for the Western District of Pennsylvania, Scott Brady. “These are not acts of traditional spying against governments. Instead, these are crimes committed by Russian government officials against real victims who suffered real harm.”

The six suspects are Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin, each of whom has been charged with 7 counts: conspiracy to conduct computer fraud and abuse, 2 counts of conspiracy to commit wire fraud, damaging protected computers, wire fraud, and 2 counts of aggravated identity theft.

The indictment also details the alleged hacking activities of each of the 6 individuals.

All six individuals reside in Russia, and since there is no extradition treaty between the two countries, it is unlikely that they will face a trial. Russia issued a statement following the announcement by the Department of Justice denying any involvement in the attacks, stating “Russia does not and did not have intentions to engage in any kind of destabilizing operations around the world… Russia respects the sovereignty of other countries and does not interfere in their affairs.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news