The U.S. is featuring up to $10 million to recognize or identify 6 Russian GRU hackers who are part of the infamous Sandworm hacking group.

This bounty is being available as component of the Division of State’s Rewards for Justice plan, which rewards informants for facts foremost to identifying or locating foreign federal government menace actors who carry out malicious cyber operations versus U.S. crucial infrastructure.

Now, the U.S. Department of Condition announced that they are looking for data on six Russian officers of the Principal Intelligence Directorate of the Basic Team of the Armed Forces of the Russian Federation (GRU) for their alleged role in malicious cyberattacks against U.S. crucial infrastructure.

“GRU officers Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин) were being members of a conspiracy that deployed harmful malware and took other disruptive steps for the strategic reward of Russia through unauthorized access to sufferer personal computers,” the Division of State announced today.

Rewards of Justice seeking tips on alleged SandWorm hackers
Rewards of Justice trying to find suggestions on alleged Sandworm hackers

In 2020, the Department of Justice indicted all six people for remaining section of the elite Russian hacking team regarded as Sandworm (also recognized as Crew, Telebots, Voodoo Bear, and Iron Viking).

All six individuals were charged with conspiracy to carry out laptop or computer fraud and abuse, conspiracy to dedicate wire fraud, wire fraud, damaging safeguarded pcs, and aggravated identity theft.

Hacking pursuits linked with the Sandworm team incorporate:

  • Damaging malware assaults versus Ukraine’s electric ability grid, Ministry of Finance, and Point out Treasury Service, utilizing malware identified as BlackEnergy, Industroyer, and KillDisk
  • April and May 2017 spearphishing strategies and related hack-and-leak endeavours concentrating on French President Macron’s “La République En Marche!” (En Marche!) political celebration, French politicians, and community French governments before the 2017 French elections
  • The 2017 destructive malware attacks that infected computers all over the world working with malware regarded as NotPetya, like hospitals and other health-related facilities in the Heritage Valley Health Procedure (Heritage Valley) in the Western District of Pennsylvania a FedEx Corporation subsidiary, TNT Express B.V. and a large U.S. pharmaceutical maker, which alongside one another experienced practically $1 billion in losses from the assaults
  • December 2017 through February 2018 spearphishing strategies and destructive cellular programs targeting South Korean citizens and officers, Olympic athletes, partners, and guests, and International Olympic Committee (IOC) officers
  • December 2017 by means of February 2018 intrusions into desktops supporting the 2018 PyeongChang Winter season Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack towards the opening ceremony, applying malware identified as Olympic Destroyer
  • April 2018 spearphishing strategies concentrating on investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technologies Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and numerous U.K. citizens and
  • A 2018 spearphishing marketing campaign focusing on a important media business, 2019 endeavours to compromise the community of Parliament, and a broad-ranging site defacement marketing campaign in 2019.
  • The creation of the Cyclops Blink botnet using a vulnerability in WatchGuard Firebox equipment. The U.S. govt disabled this botnet before the risk actors applied the malware to perform attacks.
  • April 2022 attacks on a significant Ukrainian electricity supplier with a new variant of the Industroyer malware for industrial control devices (ICS) and a new edition of the CaddyWiper data destruction malware.

The Rewards of Justice has set up a Tor web site at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion that can be utilized to post suggestions about these danger actors anonymously, and others.

The Rewards of Justice is on the lookout for facts on other menace actors, including REvil ransomware, DarkSide ransomware,  North Korean cybercrime danger actors, and nation-state hackers targeting U.S. organizations and vital infrastructure sectors.