US offers $10 million reward for tips on Russian Sandworm hackers


The U.S. is offering up to $10 million for information that helps identify or locate six Russian GRU officers who are part of the notorious Sandworm hacking group.

The bounty is being offered as part of the Department of State’s Rewards for Justice program, which pays informants for information leading to the identification or location of foreign government threat actors who conduct malicious cyber operations against U.S. critical infrastructure.

Today, the U.S. Department of State announced that it is seeking information on six Russian officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) for their alleged role in malicious cyberattacks against U.S. critical infrastructure.

“GRU officers Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин) were members of a conspiracy that deployed destructive malware and took other disruptive actions for the strategic benefit of Russia through unauthorized access to victim computers,” the Department of State announced today.

Rewards for Justice seeking tips on alleged Sandworm hackers

In 2020, the Department of Justice indicted all six individuals for being part of the elite Russian hacking group known as Sandworm (also tracked as Sandworm Team, Telebots, Voodoo Bear, and Iron Viking).

All six individuals were charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.

Hacking activities attributed to the Sandworm group include:

  • Destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk
  • April and May 2017 spearphishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections
  • The 2017 destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks
  • December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials
  • December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer
  • April 2018 spearphishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens
  • A 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019
  • The creation of the Cyclops Blink botnet by exploiting a vulnerability in WatchGuard Firebox devices. The U.S. government disrupted this botnet before the threat actors could use the malware to conduct attacks
  • April 2022 attacks on a large Ukrainian energy provider using a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data-wiping malware

Rewards for Justice has set up a Tor site at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion that can be used to submit tips about these and other threat actors anonymously.

Rewards for Justice is also seeking information on other threat actors, including the REvil and DarkSide ransomware operations, North Korean cybercrime threat actors, and nation-state hackers targeting U.S. companies and critical infrastructure sectors.