This is a group known as “Sandworm”, and according to the indictment, all six people are part of the Russian intelligence service GRU.
The U.S. charged Yuriy Sergeyevich Andrienko, 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.
More specifically, the malicious activities of which they are accused are:
Ukrainian Government: From December 2015 to December 2016, there were catastrophic attacks on the electricity grid of Ukraine and the Ministry of Finance, using malware known as BlackEnergy, Industroyer and KillDisk.
French elections: In April and May 2017, they carried out phishing campaigns and related breach and leak attempts aimed at French President Macron's "La République En Marche!" political party, French politicians and local governments before the 2017 French elections.
Global Business and Critical Infrastructure (NotPetya): On June 27, 2017, they carried out devastating attacks, infecting computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in Western Pennsylvania, a FedEx subsidiary, TNT Express BV, and a major pharmaceutical manufacturer in the USA, which suffered nearly $1 billion in losses from the attacks.
Winter Olympics in PyeongChang: From December 2017 to February 2018, they carried out spearphishing campaigns and created malicious applications for mobile phones targeting South Korean citizens and officials, athletes, associates and visitors, as well as International Olympic Committee (IOC) officials.
Novichok Poisoning Investigations: In April 2018, they conducted phishing campaigns targeting research by the Organization for the Prohibition of Chemical Weapons (OPCW) and the UK Defense Science and Technology Laboratory (DSTL).
Georgian companies and government entities: They launched a spearphishing campaign in 2018, targeting a large media company, while in 2019 they launched an attempt against the Parliament's network and a broad site diversion campaign.