On October 15, 2020, the United States Department of Justice charged six Russian military officials with conspiring in a Russian cyberwarfare operation known as Sandworm.
From the investigation that ensued, each suspect was determined to be an officer in the Russian Main Intelligence Directorate (GRU), a branch that serves within Russia’s General Staff of the Armed Forces.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security, John C. Demers.
As a group, these individuals are accused of cyber-attacks that were intended to sabotage national economies, interrupt government elections, cover up weapon testing, and more.
What Is GRU Responsible For?
While cyberwarfare is no new concept for most militarized countries, the level of destruction Operation Sandworm was able to achieve since its launch in late 2015 is remarkable. Using some of the most malicious programs known to date, GRU was able to cause widespread blackouts, disrupt an entire Olympic event, and steal nearly $1 billion in revenue from both small and large businesses across the United States.
“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI Deputy Director, David Bowdich.
Although the case is currently under investigation, the recently released court documents conclude that GRU played a significant role in the following hacking events:
- 2015: Launched malware to disrupt Ukraine’s Ministry of Finance, State Treasury Service, and a Ukrainian power grid.
- 2017: Sparked a successful phishing campaign that resulted in the leak of French President Macron’s private emails, along with those of other French politicians.
- 2017: Developed a malware known as NotPetya to infect, disrupt, and steal revenue from multiple U.S. healthcare and shipping organizations.
- 2017: Launched a phishing campaign that targeted Olympic officials, athletes, partners and visitors to disrupt the IT infrastructure of the PyeongChang Winter Olympics.
- 2018: Created a spearphishing campaign in an attempt to cover up Russia’s involvement in the death of Sergei Skripal and multiple U.K. citizens.
- 2018: Developed a spearphishing campaign targeting a major European media organization and nearly 15,000 websites.
Results of GRU’s Operation Sandworm
Despite some of these attacks seeming somewhat narrow-minded in their targets, the reality is that GRU and the Russian military showed no respect for the well-being of affected individuals or the businesses that endured collateral damage. Furthermore, because many of these attacks were the result of successful phishing campaigns, it’s likely that other cybercriminal groups will learn from these events and conduct similar attacks to achieve comparable results. In turn, it’s critical for businesses to have the proper technology and training in place to thwart these attacks before they take shape.
An Easy Way to Prevent Cybersecurity Attacks
To accomplish this, security awareness training is needed to help teams begin to understand current phishing threats and how to spot them. During training sessions conducted by Rocket IT’s cybersecurity experts, individuals learn about new email spoofing techniques, how to detect fake URL links, and what to look for when reviewing an email’s content.
Once the initial training is complete, regular phishing testing can be used to detect any vulnerabilities within the organization. Rocket IT uses a training platform that sends out harmless, simulated phishing emails. It then tracks the number of individuals who took the bait and clicked the email, allowing organizations to effectively train and hopefully prevent future attacks. For more information on security awareness training or phishing testing, fill out the contact form below, or give Rocket IT a call at 770.441.2520.