Pliskin created his malware while in the employ of Russia’s GRU, or Russian Main Intelligence Directorate, according to the Justice Department. The FBI says he held a post as a Russian Military Intelligence Officer from 2015 until June 2018.
The FBI says Pliskin supervised the development of the NotPetya malware, which crippled Ukraine’s power system, Georgia (the country), Britain’s National Health Service, and Maersk, among others.
An indictment said Pliskin and his co-defendants used an accounting software program, M.E. Docs, which is popular in Ukraine and used to communicate financial reports to the Ukrainian government, to initially spread NotPetya.
A Pennsylvania hospital system described in the indictment lost access to mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, according to a Justice Department news release.
Pliskin also supervised the development of the “Olympic Destroyer” malware, developed to protest doping allegations made against Russian athletes. Olympic Destroyer wreaked havoc on the Olympics Organizing Committee’s IT systems and interfered with the Opening Ceremonies of the 2018 PyeongChang games.
His colleagues contributed other malware attacks – including against the 2017 election campaign of current French President Emmanuel Macron, and against Great Britain’s investigation of the Novichok poisoning of GRU defector Sergei Skripal and his daughter.
The indictments say Pliskin and his colleagues crafted their malware in a Moscow office building known as The Tower, at 22 Kirova Street, Khimki, in Moscow.
They would start their attacks by “researching victim organizations, including their computer networks and employees,” the indictment said. “This research provided technical and biographical information that the Conspirators could exploit in subsequent intrusion activities, (e.g. spearphishing campaigns.)”
The indictment said Pliskin’s team also customized malware they acquired from other sources and even attempted to make their work look like that of a North Korean hacker group known as the Lazarus Group.
As Pliskin and his colleagues are Russian nationals likely living in Russia, they remain at large.