Seven Russians Indicted for Hacking Nuclear-Power Company, Anti-Doping Agencies

Assistant U.S. Attorney General for National Security John C. Demers (L), United States Attorney for the Western District of Pennsylvania Scott W. Brady (3rd L), FBI Deputy Assistant Director for Cyber Division Eric Welling (2nd L), and Director General Mark Flynn (R) for the Royal Canadian Mounted Police at a news conference in Washington on Oct. 4, 2018. (Alex Wong/Getty Images)
Petr Svab
10/4/2018
Updated: 10/5/2018

Seven Russian military officers were indicted on Oct. 4 for attempting to hack into the U.S. nuclear-power company Westinghouse as well as hacking multiple anti-doping agencies and other targets.

The indictment was announced by Assistant Attorney General for National Security John Demers at an Oct. 4 press conference.

The hackers, he said, stole the medical information of 250 athletes from 30 countries and selectively released it in retaliation for the exposure of the Russian doping scandal of 2014.

One of the defendants, Ivan Yermakov, also targeted some Westinghouse employees with phishing emails, luring them into providing their login credentials to a fraudulent website that looked like the company’s website.

The login information would have enabled Yermakov to “gain access to their personal email accounts and ultimately Westinghouse’s network,” said U.S. Attorney for the Western District of Pennsylvania Scott Brady during the conference.

Westinghouse technology powers about half of the world’s nuclear power plants, according to its website. That includes a contract to supply nuclear reactor fuel to Ukraine. The company recently went bankrupt and was sold for $4.6 billion to Brookfield Business Partners, a subsidiary of Canada’s $285 billion Brookfield Asset Management.

The indictment states that, starting Dec. 10, 2014, Yermakov and others targeted corporate email accounts of five Westinghouse employees. “Users were directed to the spoofed domain where their login credentials were stolen and saved,” it states.

By the end of 2015, the Russians also sent phishing emails to the personal email accounts of four employees, two of whom clicked on the malicious link in the email, the indictment states. It stops short of asserting whether the employees’ email accounts were actually breached.

Demers later declined to provide details on whether the company network was breached or whether the attack was connected to Westinghouse’s Ukraine business, and declined to elaborate beyond the contents of the indictment.

The company’s spokeswoman, Sarah Cassella, said there was no evidence of a successful intrusion.

“We have found no evidence that the phishing campaigns against employees to breach Westinghouse’s systems were successful. The safety and security of our systems and information is a top priority and we maintain robust processes and procedures to protect against cybersecurity threats,” she said via email. “We are cooperating with the Department of Justice regarding this matter, but are unable to comment regarding the specifics of the case as it is an on-going investigation.”

Doping Scandal

Whistleblowers and subsequent investigations revealed Russia had been running a state-sponsored doping scheme, where athletes were provided banned substances in exchange for a share of their salaries. Their doping test results were then falsified by Russian athletic officials.

The scandal led to more than 100 Russian athletes getting banned from the 2016 Olympics in Rio de Janeiro.

“They cheated, they got caught, they were banned from the Olympics, they were mad, and they retaliated,” Brady said. “And in retaliating, they broke the law. So they are criminals.”

The retaliation materialized as a hacking campaign against officials of the U.S. Anti-Doping Agency, World Anti-Doping Agency, Canadian Centre for Ethics in Sport, International Court of Arbitration for Sport, the International Olympic Committee, and the Fédération Internationale de Football Association (FIFA), the Justice Department explained in a press release.

Some of the defendants even traveled to other countries with diplomatic passports in order to hack local Wi-Fi networks momentarily used by targeted officials.

The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27—all assigned to Military Unit 26165. Others involved were Russian military intelligence officers Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46.

Each defendant is charged with one count of conspiracy to commit computer fraud and abuse, with a maximum sentence of five years in prison, one count each of conspiracy to commit wire fraud and conspiracy to commit money laundering, both of which carry a maximum sentence of 20 years. Morenets, Serebriakov, Yermakov, Malyshev, and Badin are each also charged with two counts of aggravated identity theft, which carries a consecutive sentence of two years. Yermakov is also charged with five counts of wire fraud.

“We are determined to achieve justice in these cases and we will continue to protect the American people from hackers and disinformation,” Attorney General Jeff Sessions said in the release.

The defendants would need to travel to the United States or to a country with an extradition treaty with the United States for the Justice Department to get a chance to put them behind bars.

Demers said this investigation was “entirely separate” from the special counsel investigation into Russian interference with the 2016 presidential election. Three of the same defendants were previously charged by special counsel Robert Mueller for election interference.