U.S. Government is offering up to $10 million USD to locate six Russian intelligence agency members who worked for the Sandworm hacking group

The U.S. State Department is offering a $10 million USD reward to anyone who provides information that leads to the arrest of six hackers collaborating with the GRU, Russia’s military intelligence agency. The hackers, linked to the Sandworm group, have been involved in highly destructive campaigns, including the operation of the NotPetya ransomware in 2020.

NotPetya has been one of the most devastating cybersecurity threats, causing damage of around $10 billion USD worldwide and more than $1 billion in the U.S. alone.

Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin, GRU officers, face multiple charges for violations of the Computer Fraud and Abuse Act, as they allegedly tried to compromise critical infrastructure in the U.S.

While Andrienko, Pliskin, Detistov and Frolov have been identified as alleged developers of the malware’s components, Kovalev and Ochichenko have reportedly managed various phishing campaigns targeting potential victims of the attacks.

In its report, the State Department says these Russian officials are members of what it calls a “criminal conspiracy” to infect systems in the U.S. and the rest of the world with highly destructive malware: “These cyber intrusions damaged computers of hospitals and other medical facilities in the Heritage Valley Health System in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other US private sector entities”, the Department states.

The six officials are known to have worked in the hacking group Unit 74455, also known as Voodoo Bear, Iron Viking or Telebots. This group has been linked to other hacking campaigns in Ukraine, France and South Korea.

In some of these attacks, the group reportedly employed malware variants such as KillDisk and Industroyer to compromise critical infrastructure such as the Ukrainian power grid. The hackers also used the Olympic Destroyer malware to target pro-Emmanuel Macron organizations and South Korean public agencies.

After months of keeping a low profile, the group resumed its activities a couple of months ago, when the Russian military invasion of Ukraine began, taking charge of deploying disruptive cyberattacks against critical infrastructure and government agencies.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.