UPDATED 21:54 EDT / OCTOBER 19 2020

Justice Department indicts Russians linked to the ‘Sandworm’ hacking group

The U.S. Department of Justice has indicted six Russians related to the so-called “Sandworm” hacking group that’s allegedly linked to hacking incidents, including those that targeted the Pyeongchang Winter Olympics, the 2017 French elections and the NotPetya ransomware attacks.

The six hackers, alleges the indictment unsealed today, are all members of Unit 74455 of the Russian Main Intelligence Directorate, a military intelligence agency of the General Staff of the Armed Forces.

Sandworm, also known as APT 28 and Fancy Bear, has been linked to various hacks over the previous four to five years. In August 2017 it was reported that APT 28 was using exploits from the U.S. National Security Agency leak to target high-profile hotel guests. MacOS malware discovered in February 2017 was also linked to the same group. In August 2018, Microsoft Corp. shut down some domains used by the group, but it was equivalent to swatting a few flies in a swarm.

The analogy of flies is also apt when it comes to these indictments. Like various indictments from the DOJ when it comes to alleged state-sponsored hackers over the past few years, they’re arguably virtue signaling. Although any warrant that ends up on an INTERPOL “red notice” means that those named run the risk of being arrested in the West, the reality is that alleged Chinese and Russian state-sponsored hackers indicted under American warrants rarely if ever travel abroad and are rarely caught.

Still, what these allegedly state-sponsored hackers do is serious business.

“The tactics employed in Sandworm’s campaigns align with GRU’s philosophy of leveraging aggressive and sometimes destructive cyberattacks,” Kacey Clark, threat researcher at risk protection software firm Digital Shadows Ltd., told SiliconANGLE. “The charges filed against Sandworm represent not only the first criminal charges against Sandworm for its most destructive attacks but the first time that most of the charged threat actors have been publicly identified as members of the cybercriminal group.”

She noted that they also represent the first global law enforcement reaction to their deployment of the NotPetya ransomware that crippled networks worldwide.

“Considering the Russian Main Intelligence Directorate (GRU) allegedly sponsored Sandworm, its members’ arrest and extraction are unlikely,” Clark said. “However, it is possible that authorities would impose sanctions against the alleged cybercriminals and the GRU unit that sponsors them, considering this countermeasure has previously been used. For now, Sandworm’s indictments will limit their ability to use the Western financial system or travel to any country that may have an extradition agreement with the U.S.”
