Law Enforcement

U.S. indicts Russian hackers in global conspiracy


The Justice Department charged seven Russian nationals in a global hacking disinformation campaign stretching across several years and multiple continents.

Charges against the seven include hacking, wire fraud and identity theft and involve efforts by Russian intelligence agencies to delegitimize the work of groups probing Russia's doping violations in international athletics.

Dutch, Canadian and British authorities cooperated in the effort to unmask the alleged hackers, and there is overlap between the individuals charged in this case and the one brought by Special Counsel Robert Muller's investigation into Russian influence into the 2016 election.

"Three of the seven defendants charged in this case were previously charged in the indictment brought by the Office of Special Counsel in July of this year, which pertained to a conspiracy to interfere with the 2016 U.S. presidential election," Assistant Attorney General for National Security John Demers said at an Oct. 4 press conference.

In a joint announcement, those Dutch and U.K. law enforcement agencies said some of those same GRU officers were responsible for hacking into laboratories in Europe investigating alleged Russian use of chemical weapons in Syria and the poisoning of a former Russian agent.

The group also allegedly used spearphishing techniques to steal identities and network credentials of employees of a Westinghouse nuclear power plant based in Pittsburgh that supplied nuclear fuel to the Ukraine. The activity against the Westinghouse facility occurred between 2014 and 2016, according to the indictments. The Ukraine’s power grid was severely crippled in 2015 by cyberattacks attributed to Russia.

Overall, said Scott Brady, U.S. attorney for the Western District of Pennsylvania, the indictments point to a sprawling Russian campaign to sway public opinion and spread misinformation.

Brady said the ways the hackers gained access to anti-doping agencies and the nuclear power plant networks was "fascinating."

According to the 40-page indictment, the seven used remote, "on-site" or "close access" attempts to steal access credentials for victims' networks.

Typically, it said, hacking was done remotely from Russia. When that didn’t work, however, the conspirators travelled around the world to the sites. Some of the techniques targeted organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. Spearphishing that targeted specific employees to steal access codes and identity credentials was a favorite tactic, it said.

The hackers also used fictitious  names and leveraged online  infrastructure -- including  servers,  domains,  cryptocurrency, email  accounts and social  media  accounts --  as well as  other  online  services  provided  by  companies in the U.S. and elsewhere,  the indictment said, to pursue their goals.

In the case of hacking into the U.S. and World Anti-Doping Agency, the indictment alleged the seven used 38 common IP addresses to gain access, then spread the stolen health data via social media and website of the Fancy Bears’ Hack Team, and Fancy Bear is one of the names the U.S. cybersecurity agencies have assigned to Russian government-backed hacking efforts.

In instances when the group was forced to use paid network infrastructure services for its activities, the indictment said it used fictitious names tied to Bitcoin and other cryptocurrencies.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.