Following DOJ indictment, a look back on NotPetya and Olympic Destroyer research. [Research Saturday]

On October 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six Russian GRU officers with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name. These hackers were residents and nationals of Russia and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency. They engaged in computer intrusions and attacks to support Russian government efforts to undermine, retaliate against, or otherwise destabilize Ukraine, Georgia, elections in France, efforts to hold Russia accountable for its use of a weapons-grade nerve agent, and the 2018 PyeongChang Winter Olympic Games. Their attacks used destructive malware such as KillDisk, Industroyer, NotPetya, and Olympic Destroyer, causing significant damage and financial losses. The indictment and Cisco's research on NotPetya and Olympic Destroyer can be found online.