Feds offer big rewards for info on suspected Russian Sandworm intel officers

Uncle Sam will dole out up to $10 million for vital information on each of six Russian GRU officers linked to the Kremlin-backed Sandworm gang, who, according to the Feds, have plotted to carry out destructive cyber-attacks against American critical infrastructure.

It's hoped the money, offered via the US Department of State's Rewards for Justice program, will lead to the snaring of the following men said to be Russian intelligence officers: Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин).

According to the US government, these are all members of the GRU's Unit 74455, also known as Sandworm, and they "deployed destructive malware and took other disruptive actions for the strategic benefit of Russia through unauthorized access to victim computers," according to the State Department.

All six officers have been charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft offenses. And one of the six — Kovalev — was previously charged with meddling in the 2016 US elections.

Kovalev also developed spear-phishing techniques and messages that the Russian government used to target computer systems of critical infrastructure facilities worldwide, according to the State Department.

Meanwhile, Ochichenko conducted technical reconnaissance and helped carry out these spear phishing campaigns against critical infrastructure owners and operators, it is claimed.

And the four other men — Pliskin, Detistov, Frolov, and Andrienko — allegedly developed components of the NotPetya malware that Moscow used in 2017 to infect computer systems of hospitals and critical infrastructure facilities worldwide. This outbreak cost US entities alone about $1 billion in financial losses, it is said.

• Five Eyes nations fear wave of Russian attacks against critical infrastructure
• Feds take down Kremlin-backed Cyclops Blink botnet
• Feds offer $5m reward for info on North Korean cyber crooks
• Cyclops Blink malware sets up shop in ASUS routers

Sandworm has been increasing its nefarious cyber activities since Russia invaded Ukraine. In early April the US Justice Department revealed details of a court-authorized take-down of command-and-control systems that the gang used to direct network devices infected by its Cyclops Blink malware. This botnet software nasty allows the systems to be remote controlled to carry out attacks on behalf of its masterminds — in this case, the GRU, a Russian military foreign intelligence outfit.

Additionally, Cyclops Blink, according to UK and US intel agencies, is Sandworm's replacement for VPNFilter, which it used to target routers and storage devices in 2018. 

Just last week, all Five Eyes nations' cybersecurity agencies urged critical infrastructure to be ready for attacks by crews backed by or sympathetic to the Kremlin. This joint alert named Sandstorm as one of the state-sponsored gangs and provided technical details about the team and its activities. ®