The U.S. government has stepped up its hunt for six Russian intelligence officers, best known as the state-backed hacking group dubbed “Sandworm,” by offering a $10 million bounty for information that identifies or locates its members.
The Sandworm hackers — who work for a division of Russia’s GRU, the country’s military intelligence division — are known for launching damaging and destructive cyberattacks against critical infrastructure, including food supplies and the energy sector.
Sandworm may be best known for the NotPetya ransomware attack in 2017, which primarily hit computer systems in Ukraine and disrupted the country’s power grid, leaving hundreds of thousands of residents without electricity during the depths of winter. In 2020, U.S. prosecutors indicted the same six Sandworm hackers, who are believed to still be in Russia, for the NotPetya attack, as well as several other attacks that targeted the 2018 PyeongChang Winter Olympics in South Korea and for running a hack-and-leak operation to discredit France’s then-presidential frontrunner Emmanuel Macron.
In a statement this week, the U.S. State Department said the NotPetya attack spilled outside of Ukraine across the wider internet, resulting in close to $1 billion in losses to the U.S. private sector, including medical facilities and hospitals.
The timing of the bounty comes as U.S. officials warn that Russia-backed hackers, including Sandworm, could be preparing damaging cyberattacks that target businesses and organizations in the United States following Russia’s invasion of Ukraine.
Since the start of the invasion in February, security researchers have attributed several cyberattacks to Sandworm, including the use of “wiper” malware to degrade Viasat’s satellite network that the Ukrainian military heavily relies on. Ukraine’s government said earlier this month it had disrupted another Sandworm attempt to target a Ukrainian energy provider using malware it repurposed from cyberattacks it launched against Ukraine in 2016.
The FBI also this month said it conducted an operation to disrupt a massive botnet that infected thousands of compromised routers, including many located in the U.S., by locking…