A U.S. grand jury today indicted seven defendants, all officers in the Russian Main Intelligence Directorate (GRU), for hacking, wire fraud, identity theft, and money laundering.
According to the U.S. Department of Justice's announcement, these individuals were part of a campaign to retaliate against and delegitimize the international anti-doping organizations that exposed a Russian state-sponsored athlete doping program.
As part of this conspiracy, these seven officers allegedly hacked into the accounts of anti-doping officials from various agencies to steal information and disseminate it in order to tarnish their reputation. It is reported that the defendants also attempted to release misinformation indicating that other athletes from around the world were using performance-enhancing drugs.
"State-sponsored hacking and disinformation campaigns pose serious threats to our security and to our open society, but the Department of Justice is defending against them," Attorney General Jeff Sessions said in an announcement. "Today we are indicting seven GRU officers for multiple felonies each, including the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program. The defendants in this case allegedly targeted multiple Americans and American entities for hacking, from our national anti-doping agency to the Westinghouse Electric Company near Pittsburgh. We are determined to achieve justice in these cases and we will continue to protect the American people from hackers and disinformation."
This stolen information and other falsified information was then released via social media under the "Fancy Bears’ Hack Team" alias. Using social media networks, such as Twitter, the group would contact reporters and provide them with information in order to generate media attention.
"As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign," the announcement stated. "The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message."
The defendants are Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, and Dmitriy Sergeyevich Badin, who were assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov and Alexey Valerevich Minin, who were also GRU officers.
An announcement by the United Kingdom National Cyber Security Centre (NCSC) has also identified other bad actors and hacking groups that are associated with GRU operatives.
The affiliated group names that GRU is said to operate under include APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, STRONTIUM, Tsar Team, and Sandworm.
In May, Microsoft announced that they had disrupted a spear-phishing campaign being conducted by APT 28 against elected officials, politicians, and political organizations.
APT 28 has also been known to compromise legitimate tools, such as LoJack, in order to infiltrate organizations that use them, and to utilize advanced malware such as the VPNFilter IoT botnet and the first UEFI rootkit in the wild, called LoJax.