DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

2020-10-19 19:10

The Department of Justice on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years - including the destructive NotPetya cyberattack that targeted hundreds of firms and hospitals worldwide in 2017.

According to the DOJ complaint, the six Russian nationals are tied to a division of the Russian military intelligence service and also affiliated with the APT Sandworm, also known as TeleBots.

The DOJ said cyberattacks linked to the six defendants were "Breathtaking" in their scope and "Harmed ordinary people around the world," said Scott Brady, U.S. attorney with the Western District of Pennsylvania, in a DOJ press conference on Monday.

Threat researchers applauded the crackdown, saying that, while the arrest and extraction of the six Russian nationals seems unlikely, the indictments will limit their ability to use the Western financial system or travel to any country that may have an extradition agreement with the US. "The charges filed against Sandworm represent not only the first criminal charges against Sandworm for its most destructive attacks but the first time that most of the charged threat actors have been publicly identified as members of the cybercriminal group," Kacey Clark, Threat Researcher at Digital Shadows, told Threatpost.

Google's Threat Analysis Group, Cisco's Talos Intelligence Group, Facebook and Twitter were credited in helping the DOJ with its investigation.

News URL

https://threatpost.com/doj-charges-6-sandworm-apt-members-in-notpetya-cyberattacks/160304/

#APT #cyberattack #DOJ #notpetya