Seven more Russian spies have been indicted in the US, charged with multiple counts of attacking industrial, sports, anti-doping and anti-chemical weapons organizations across the world. The personal records of rival athletes were also targeted.
Prosecutors in the Western District of Pennsylvania also claim the accused agents from Russia’s Main Intelligence Directorate of the General Staff (GRU) “principally used Bitcoin” to finance their operations, believing doing so would help them better evade detection by local law enforcement.
According to prosecutors, the spies stole confidential information from the targets, and in some cases published the “private or otherwise sensitive information” in order to:
“…undermine the legitimate interests of the victims, further Russian interests, retaliate against Russia’s detractors and sway public opinion in Russia’s favor.”
The targets were allegedly the subject of, “sophisticated criminal cyber intrusions,” which included both remote and close-range cyber and other attacks.
Attacked organizations include:
- the U.S. Anti-Doping Agency in Colorado Springs
- the World Anti-Doping Agency in Montreal
- the Canadian Centre for Ethics in Sports in Ottawa
- the International Association of Athletics Federations in Monaco
- the Court of Arbitration for Sport (TAS/CAS) in Lausanne
- the Fédération Internationale de Football Association in Zurich
- the Westinghouse Electric Corporation, a nuclear energy company headquartered in the Western District of Pennsylvania
- the Organisation for the Prohibition of Chemical Weapons in The Hague (“investigating the use of 4 chemical weapons in Syria and the March 2018 poisoning of a former GRU officer and others in the United Kingdom with a chemical nerve agent”)
- the Spiez Swiss Chemical Laboratory in Spiez (“an accredited laboratory…that analyzed the chemical agent connected to the poisonings of a former GRU officer and others in the United Kingdom”)
According to prosecutors:
“These victims were targeted by the GRU for their role in the investigation or public condemnation of Russia’s state-sponsored athlete doping program and their public support of, or involvement in, a ban on Russian athletes in worldwide athletic competitions (including the 2016 Summer Olympics and Paralympics in Rio de Janeiro, Brazil). The GRU also targeted the victims to steal athletes’ medical records which were then publicized as part of an influence and disinformation campaign.”
The agents also sought to increase the dispersal of the information they obtained through “a sustained media campaign” which included letters to agencies defending Russian athletes’ reputations.
The disinformation campaign was also aided in part by the creation of a false front “hacktivist” group by the GRU called “Fancy Bear.”
The hacks detailed in the indictments were typically executed remotely from Main Intelligence GRU offices in Moscow, prosecutors say, but when those hacks failed, the agents used, “on-site or close access hacking operations…” whereby “trained GRU hackers with sophisticated hacking equipment travel(ed) to victims’ locations around the world.”
Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, Dmitriy Sergeyevich Badin, Oleg Mikhaylovich Sotnikov, and Alexey Valerevich Minin allegedly used diplomatic passports (in some cases), “fictitious names and personas, as well as online infrastructure, including servers, domains, cryptocurrency, email accounts, social media accounts and other online services provided by companies in the United States and elsewhere.”
SBS news reported details yesterday on an alleged “close access” cyberattack in which four Russian agents, “set up a car full of electronic equipment in the car park of a hotel next to the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague in a bid to hack into its computer system.”
The Organisation for the Prohibition of Chemical Weapons (OPCW) has been investigating the poisoning of ex-Soviet intelligence agent Sergei Skripal and his daughter, Yulia. Skripal’s wife and son both perished previously in car accidents.
Russian officials have reportedly called the reports on the bust of the Dutch operation “propaganda.” Meanwhile, Dutch and American officials have publicly branded Russia “a pariah state” and the Russian ambassador has been called upon by the Dutch Foreign Minister to explain the alleged hack on the OPCW.
While hackers ultimately used, “a variety of currencies, including U.S. dollars” to pull off hacks globally:
“…they principally used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity. Many of these payments were processed by companies located in the United States.”
According to the indictment, Bitcoin was important to the operations because it, “allowed the conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds.”
The hackers are also alleged to have partly funded their operations by mining Bitcoin.