US Offers $10 Million Reward for Clues to Russian Sandworm Hackers


The United States is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group.

This reward is being offered as part of the Department of State’s Rewards for Justice program, which rewards whistleblowers for information leading to the identification or location of foreign government threat actors conducting malicious cyber operations against critical U.S. infrastructure.

Today, the US Department of State announced that it is seeking information on six Russian officers from the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) for their suspected role in malicious cyberattacks against U.S. critical infrastructure.

“GRU officers Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко) and Petr Nikolayevich Pliskin (Петр Николаевич Плискин) were members of a conspiracy that deployed destructive malware and took other disruptive actions for Russia’s strategic benefit through unauthorized access to victims’ computers,” the State Department announced today.

Rewards for Justice Seeks Tips on Suspected Sandworm Hackers

In 2020, the Department of Justice indicted the six for being part of the elite Russian hacking group known as Sandworm (also known as Team, Telebots, Voodoo Bear, and Iron Viking).

The six people were charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.

Hacking activities associated with the Sandworm group include:

  • Destructive malware attacks against Ukraine’s power grid, the Ministry of Finance, and the State Treasury Service, using known malware such as BlackEnergy, Industroyer, and KillDisk;
  • April and May 2017 phishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and French local governments before the 2017 French elections;
  • The 2017 destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System in the Western District of Pennsylvania; a subsidiary of FedEx Corporation, TNT Express BV; and a large US pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;
  • From December 2017 to February 2018, phishing campaigns and malicious mobile apps targeting South Korean citizens and officials, Olympic athletes, partners and visitors, and International Olympic Committee (IOC) officials;
  • December 2017 to February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympics, culminating in the February 9, 2018 destructive malware attack on the opening ceremony, using malware known as Olympic Destroyer;
  • April 2018 spearphishing campaigns targeting the UK’s Organization for the Prohibition of Chemical Weapons (OPCW) and Defense Science and Technology Laboratory (DSTL) investigations into the nerve agent poisoning of Sergei Skripal, his daughter and several UK citizens;
  • A 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise Parliament’s network, and a wide-reaching website defacement campaign in 2019;
  • The creation of the Cyclops Blink botnet using a vulnerability in WatchGuard Firebox appliances. The US government disabled this botnet before attackers used the malware to carry out attacks; and
  • April 2022 attacks on a large Ukrainian energy provider with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.

Rewards for Justice has created a Tor site at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion that can be used to anonymously submit tips about these threat actors and others.

Rewards for Justice is also seeking information on other threat actors, including REvil ransomware, DarkSide ransomware, North Korean cyber threat actors, and nation-state hackers targeting U.S. companies and critical infrastructure sectors.
