U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations

@drawandstrike @HNIJohnMiller @catesduane @rising_serpent @_ImperatorRex_ @Debradelai @GodlessNZ @almostjingo @tracybeanz @TheChiIIum

justice.gov/opa/pr/us-char…

Conspirators Included a Russian Intelligence “Close Access” Hacking Team that Traveled Abroad to Compromise Computer Networks Used by Anti-Doping and Sporting Officials and Organizations Investigating Russia’s Use of Chemical Weapons

A grand jury in the Western District of Pennsylvania has indicted seven defendants, all officers in the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation,

for computer hacking, wire fraud, aggravated identity theft, and money laundering.

***Will continue when I get time...at work, sorry. But that is the link***

According to the indictment, beginning in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions...

affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government.

Among the goals of the conspiracy was to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations and officials...

who had publicly exposed a Russian state-sponsored athlete doping program and to damage the reputations of athletes around the world by falsely claiming that such athletes were using banned or performance-enhancing drugs.

The charges were announced at a press conference by Assistant Attorney General for National Security John C. Demers, United States Attorney for the Western District of Pennsylvania Scott W. Brady,

FBI Deputy Assistant Director for Cyber Division, Eric Welling, and Director General Mark Flynn for the Royal Canadian Mounted Police.

"State-sponsored hacking and disinformation campaigns pose serious threats to our security and to our open society,

Their actions extended beyond borders, but so did the FBI’s investigation. We worked closely with our international partners to identify the actors and disrupt their criminal campaign - and today, we are sending this message:

The FBI will not permit any government, group, or individual to threaten our people, our country, or our partners. We will work tirelessly to find them, stop them, and bring them to justice.”

“We want the hundreds of victims of these Russian hackers to know that we will do everything we can to hold these criminals accountable for their crimes,” said U.S. Attorney Brady. State actors who target U.S. citizens & companies are no different than any other common criminal:

they will be investigated and prosecuted to the fullest extent of the law.”

The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich, Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30,

and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.

The indictment alleges that defendants Yermakov, Malyshev, Badin, and unidentified conspirators, often using fictitious personas and proxy servers, researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers.

When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers,

including Morenets, Serebriakov, Sotnikov, and Minin, traveled to locations around the world where targets were physically located. Using specialized equipment, and with the remote support of conspirators in Russia, including Yermakov,

these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. After a successful hacking operation, the close access team transferred such access to conspirators in RU for exploitation.

Among other instances, the indictment alleges that following a series of high-profile independent investigations starting in 2015, which publicly exposed Russia’s systematic state-sponsored subversion of the drug testing processes prior to, during,

and subsequent to the 2014 Sochi Winter Olympics (according to one report, known as the “McLaren Report”), the conspirators began targeting systems used by international anti-doping organizations and officials.

After compromising those systems, the defendants stole credentials, medical records, and other data, including information regarding therapeutic use exemptions (TUEs), which allow athletes to use otherwise prohibited substances.

Using social media accounts and other infrastructure acquired and maintained by GRU Unit 74455 in Russia, the conspiracy thereafter publicly released selected items of stolen information, in many cases in a manner that did not accurately reflect their original form,

under the false auspices of a hacktivist group calling itself the “Fancy Bears’ Hack Team.” As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign.

The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.

Each defendant is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, one count each of conspiracy to commit wire fraud and conspiracy to commit money laundering,

both of which carry a maximum sentence of 20 years. Defendants Morenets, Serebriakov, Yermakov, Malyshev, and Badin are each also charged with two counts of aggravated identity theft, which carries a consecutive sentence of two years in prison.

Defendant Yermakov is also charged with five counts of wire fraud, which carries a maximum sentence of 20 years.

Defendants Yermakov, Malyshev, and Badin are also charged defendants in federal indictment number CR 18-215 in the District of Columbia,

& accused of conspiring to gain unauthorized access into the computers of U.S. persons & entities involved in the 2016 U.S. presidential election, steal documents from those computers, & stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.

According to the indictment:

Context of the Hacking and Related Influence and Disinformation Efforts

In July 2016, the World Anti-Doping Agency’s (WADA) Independent Person Report (the “First McLaren Report”) was released,

describing Russia’s systematic state-sponsored subversion of the drug testing process prior to, during, and subsequent to the 2014 Sochi Winter Olympics. This investigation had the support of advocates for clean sports, including the United States Anti-Doping Agency (USADA),

the Canadian Centre for Ethics in Sport (CCES, Canada’s anti-doping agency). Eventually, in some instances only after arbitration rulings by the International Court of Arbitration for Sport (TAS/CAS),

approximately 111 Russian athletes were excluded from the 2016 Summer Olympic Games, in Rio de Janeiro, Brazil, by a number of international athletics federations, including track-and-field’s International Association of Athletics Federations (IAAF).

The International Paralympic Committee (IPC) further imposed a blanket ban of Russian athletes from the 2016 Paralympic Games, which were also held in Rio.

Intrusion Activities in Rio de Janeiro, Brazil

Days after the release of the First McLaren Report and the International Olympic Committee’s and IPC’s subsequent decisions regarding the exclusion of Russian athletes, the conspirators prepared to hack into the networks of WADA,