US offering $10m reward for information on Russian hackers

Man without identity programing in technology enviroment with cyber icons and symbols

The US State Department has said it will pay up to $10 million for information leading to the capture of a group of Russian cybercriminals.

In its Tuesday press release, the State Department said it’s seeking information on six individuals who were allegedly involved in a criminal conspiracy, circa 2017, designed to infect computers worldwide with destructive malware — otherwise known as NotPetya.

The reported attack brought damage to computers within hospitals and other medical facilities in the Pennsylvania-based Heritage Valley Health System — one of America’s largest pharmaceutical manufacturers — along with other private-sector entities in the region.

All told, the cyberattack produced damage of nearly $1 billion, according to the State Department.

The six individuals allegedly connected to the attack — Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin — worked as officers in the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), Unit 74455. 

Citing the press release, in cybersecurity circles, the Russian group has the code-name monikers of “Sandworm Team, Telebots, Voodoo Bear, and Iron Viking.”

Back in October 2020, the six Russian cybercriminals were indicted by a federal jury on multiple counts, including conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, and aggravated identity theft.

Last week, three federal U.S. agencies and a number of worldwide partners issued a joint advisory, warning that Russia’s cyber threats against infrastructure targets could extend beyond the borders of Ukraine.

In its statement, the Cybersecurity and Infrastructure Security Agency (CISA) cited the advisory as “the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine,” which dates back to Feb. 24.

The CISA advisory also provided alerts of perpetrators from the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and the Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics potentially executing “malicious cyber operations” in the coming weeks.

The reward monies for crucial information provided to the State Department, or other federal officials, will derive from the Rewards For Justice program.