The US Justice Department has charged six Russian intelligence officers for a series of cyber attacks worldwide, including the NotPetya ransomware attack that shut down Maersk Group’s IT systems and paralysed ports.
On 15 October 2020, a federal grand jury in Pittsburgh, US, returned an indictment charging six computer hackers with causing the world’s most destructive cyber attack.
Those charged are residents and nationals of the Russian Federation and are alleged officers in Unit 74455 of the Russian main intelligence directorate (GRU).
The defendants are charged with seven indictments for causing around US$10Bn of damage worldwide, of which US$1Bn in losses was from three victims in the US: a healthcare centre, a pharmaceutical company and a subsidiary of FedEx.
This same NotPetya ransomware attack caused considerable damage to AP Moller-Maersk, forcing the Danish shipping giant to close its IT network and several container terminals.
Maersk Group estimated the NotPetya attack in June 2017 cost between US$200M and US$300M in loss of revenue and recovery costs.
Details of the group’s successful cyber security response and recovery following the NotPetya attack will be explained during Riviera Maritime Media’s Maritime Cyber Risk Management virtual conference on 3 November.
AP Moller-Maersk chief information security officer and cyber security team co-ordinator Andy Powell will explain in depth the group’s response and lessons learnt.
During the virtual conference, Mr Powell will share his thoughts on the maritime cyber security outlook for 2021 and the likelihood the shipping industry will again be caught up in a state-sponsored cyber attack.
Assistant US attorney general John Demers described the NotPetya attack as “the most disruptive and destructive attack ever” as it was “designed to spread with devastating and indiscriminate alacrity – bringing down entire networks in seconds and searching for remote computer connections through which to attack additional innocent victims, all without hope of recovery or repair.”
The US Justice Department also charged the six defendants with malware attacks for disrupting the 2017 French elections and the 2018 Winter Olympic Games.
The six men, aged 27-35, are now on the FBI’s wanted list following the US Justice Department news conference on 19 October.
During that event, Mr Demers was direct in holding Russia’s GRU, and in particular its Unit 74455, to account for state-sponsored cyber attacks.
In announcing the indictments, he said, “No country has weaponised its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages and to satisfy fits of spite.”
In this, Mr Demers said Unit 74455’s activities were “part of the work of a persistent, sophisticated hacking group busy sabotaging perceived enemies or detractors of the Russian Federation, regardless of the consequences to innocent bystanders or their destabilising effect”.
This, he said, included a malware attack on Ukraine’s electrical power grid in 2016, the first reported destructive malware attacks against the control systems of civilian critical infrastructure.
Mr Demers said the conspirators’ destructive path “widened to encompass virtually the whole world, in what is commonly referred to as the most destructive and costly cyber attack ever”.
The US Justice Department also alleges these co-conspirators were responsible for spearphishing campaigns against South Korea, the host of the 2018 PyeongChang Winter Olympic Games, and the International Olympic Committee, Olympic partners, and athletes.
Since 2017, shipping companies have been victims of criminal-backed cyber attacks, shutting down IT networks and web portals.
Victims include IMO’s headquarters in London; the world’s second, third and fourth-largest container lines (Mediterranean Shipping Co, Cosco and CMA CGM); and the world’s largest cruise shipping group, Carnival Corp.
This comes as shipping reacts to restrictions imposed due to the Covid-19 pandemic and the sector increases digitalisation and remote management.