Russians indicted in Westinghouse hack
CRANBERRY TWP — A grand jury has indicted seven Russian military intelligence officers for cyber attacks against companies and organizations worldwide, including Cranberry Township-based Westinghouse Electric Co.
Westinghouse was one of the targets of Russian cyberattack operations stretching back to 2014, according to a release by the Department of Justice Thursday morning.
“Today we are indicting seven GRU officers for multiple felonies each, including the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program,” said Jeff Sessions, U.S. Attorney General, in the release. “The defendants in this case allegedly targeted multiple Americans and American entities for hacking, from our national anti-doping agency to the Westinghouse Electric Company near Pittsburgh.”
According to the release, the attacks were directed at companies and anti-doping organizations that exposed a Russian state-sponsored athlete doping program. They were part of Russian disinformation campaigns, according to prosecutors.
No evidence has surfaced suggesting these attacks against Westinghouse were successful, according to the company.
The indictment lists seven intelligence officers, all for Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation.
They are charged with computer hacking, wire fraud, aggravated identity theft and money laundering, according to a release by the Department of Justice.
According to the indictment, these officers researched victims and used fake names, proxy servers, spearphishing emails, malware and more to attempt to gain access to networks and steal information from targeted organizations and their employees.
When remote attacks were unable to bypass security measures, officers would have to go on-site to use specialized equipment to hack networks through Wi-Fi connections.
One of the defendants, Ivan Sergeyevich Yermakov, targeted Westinghouse as early as Nov. 20, 2014, according to the DOJ.
He and cohorts “performed reconnaissance” of the company’s networks and employees, created a fake Westinghouse domain and sent “spearphishing” emails to company employees’ work and personal email accounts.
These were designed to harvest login credentials to gain access to company networks and information.
The release did not say whether these attacks were successful and Westinghouse spokeswoman Sarah Cassella said the company has no reason to believe that their security was compromised.
“We have found no evidence that the phishing campaigns against employees to breach Westinghouse’s systems were successful,” she said in an email. “The safety and security of our systems and information is a top priority and we maintain robust processes and procedures to protect against cybersecurity threats.”
The release listed the defendants, all Russian nationals and residents, as Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich Serebriakov, 37, Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165; and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.
Each is charged with one count of conspiracy to commit computer fraud and abuse, carrying a maximum sentence of five years in prison; and one count of conspiracy to commit wire fraud and conspiracy to commit money laundering, both carrying a maximum sentence of 20 years in prison, according to the release.
“Defendants Morenets, Serebriakov, Yermakov, Malyshev, and Badin are each also charged with two counts of aggravated identity theft, which carries a consecutive sentence of two years in prison,” it states. “Defendant Yermakov is also charged with five counts of wire fraud, which carries a maximum sentence of 20 years.”
Once information was stolen, it would then be publicized, often misleadingly, by a group posing as a hacktivist group called “Fancy Bears’ Hack Team,” the release said, as a part of Russian influence and disinformation efforts.
FBI Director Christopher Wray touted their investigation leading to the indictments as “the FBI at its best.”
“The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory, and damaging to innocent victims and the United States’ economy, as well as to world organizations,” he said. “Their actions extended beyond borders, but so did the FBI’s investigation. We worked closely with our international partners to identify the actors and disrupt their criminal campaign — and today, we are sending this message: The FBI will not permit any government, group, or individual to threaten our people, our country, or our partners. We will work tirelessly to find them, stop them, and bring them to justice.”
Officials plan to release more information at a news conference Friday in Pittsburgh.
