They are all members of Unit 74455 of the Russian Main Intelligence Directorate (GRU).
A grand jury in Pittsburgh, Pennsylvania, just indicted six members of this Russian military unit for unleashing some of the most widespread and damaging cyberattacks ever seen.
The NotPetya cyberattack crashed networks around the globe, doing billions in damage. But the GRU members being charged in this case started with other strains of malware and a narrow target: Ukraine's power grid.
U.S. Assistant Attorney General for National Security, John Demers, says the power grid attacks in 2015 and 2016 were the first known destructive attacks against civilian critical infrastructure. They plunged Ukraine's cities into darkness. Again, that was the start. According to Demers:
"From there, the conspirators' destructive path... widened to encompass virtually the whole world. In what is commonly referred to as the most destructive and costly cyber attack ever, the conspirators unleashed the 'NotPetya' malware.
Although it masqueraded as ransomware, designed to extort money, this was a false flag: the co-conspirators designed the malware to spread with devastating and indiscriminate alacrity—bringing down entire networks in seconds and searching for remote computer connections through which to attack additional innocent victims, all without hope of recovery or repair. The entirely foreseeable result was that the worm quickly spread globally, shutting down companies and inflicting immense financial harm."
Following that, the hackers in this case used cyber to respond to a source of national embarrassment for Russia.
Russia's Olympic athletes and programs felt the sting of international penalties for illegal doping. And members of GRU Unit 74455 launched an attack to sting back.
Demers did not hold back on this allegation:
"Their cyber attack combined the emotional maturity of a petulant child with the resources of a nation state. They conducted spearphishing campaigns against South Korea, the host of the 2018 PyeongChang Winter Olympic Games, as well as the International Olympic Committee, Olympic partners, and athletes.
Then, during the opening ceremony, they launched the 'Olympic Destroyer' malware attack, which deleted data from thousands of computers supporting the Games, rendering them inoperable. Although the conspirators took steps to pin the Olympic Destroyer attack on North Korea, this second false-flag attempt also failed. Cybersecurity researchers ultimately attributed the attack to Sandworm Team, as we do today."
[RELATED: Like a Spy Movie: How Russia Hacked Its Olympic Enemies]
Here is a look at the different players charged in the NotPetya and Olympic Destroyer cyberattacks, and their involvement, according to the U.S. Department of Justice:
Now, let's look at a chronological account of the cyberattacks the suspects in this case are charged with unleashing on the world. We'll include details on the malware variants being used, as well.
These charges come shortly after Russian leaders said they would like to enter a new era of cyber collaboration and norm setting with the United States.
Demers says these charges, and the related cyberattacks, show how absurd something like that would be.
"Today's allegations, in their entirety, provide a useful lens for evaluating Russia's offer two weeks ago of a cyber 'reset' between Russia and the United States.
Russia is certainly right that technologically sophisticated nations that aspire to lead have a special responsibility to secure the world order and contribute to widely accepted norms, peace and stability. That's what we're doing here today.
But this indictment lays bare Russia's use of its cyber capabilities to destabilize and interfere with the domestic political and economic systems of other countries, thus providing a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda."
Read Demer's complete remarks for yourself.
Related podcast: Cybersecurity, Geopolitics, and the Threat Landscape