Big news: DOJ today unsealed charges against Sandworm, naming the Russian GRU hackers who have for 5 years crossed every red line in cyberwar from blackouts to disrupting the Olympics to unleashing the NotPetya worm that cost $10 billion. https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ < Updates to come
Here are the six men charged. (You might recognize Kovalev from 2018, when he was charged along with 11 other GRU agents re: US election interference—he hacked US State Boards of Election. This indictment adds he also helped hack the 2017 campaign of France's President Macron)
Big thing #2: Three-plus years after Sandworm unleashed NotPetya, the worst cyberattack in history (https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/) the US has named 4 men directly involved, even noting how Andrienko & Pliskin "celebrated" afterwards. A kind of accountability that's long been lacking.
Some smaller things that are new to me in the charges: Sandworm tried to hack the Georgian parliament and also two agencies involved in investigating the attempted Novichok assassination of GRU defector Sergey Skripal. (We knew GRU was involved in the latter, but not Sandworm.)
Another detail, for those like @matonis and @JohnHultquist who found some incongruous evidence that Sandworm seemed to be mixing up its devastating global cyberattacks with weird moonlighting in domestic Russia-targeted cybercrime, it looks like that was Kovalev, too. Busy guy!
Two other news items related to Sandworm's Olympics attack, big and small. First, UK's NCSC and US intelligence today (separately from DOJ) revealed that they'd seen evidence of Russian hackers preparing a repeat attack on the now-delayed Tokyo Olympics. https://www.theguardian.com/world/2020/oct/19/russia-planned-cyber-attack-on-tokyo-olympics-says-uk
Second, DOJ indictment says Sandworm tried to breach two Olympics partners responsible for timekeeping. Perhaps an attempt to sabotage results of sporting events, not just the Wifi, app, ticketing, screens that were ultimately disrupted. All updates here: https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/
You can follow @a_greenberg.