US v. Aleksei Sergeyevich Morenets

Criminal No. 18-263

A grand jury in the Western District of Pennsylvania has indicted seven defendants, all officers in the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, for computer hacking, wire fraud, aggravated identity theft, and money laundering.

According to the indictment, beginning in or around December 2014 and continuing until at least May 2018, the conspiracy conducted persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to the Russian government.

Among the goals of the conspiracy was to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations and officials who had publicly exposed a Russian state-sponsored athlete doping program and to damage the reputations of athletes around the world by falsely claiming that such athletes were using banned or performance-enhancing drugs.

The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich, Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.

The indictment alleges that defendants Yermakov, Malyshev, Badin, and unidentified conspirators, often using fictitious personas and proxy servers, researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers.

When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers, including Morenets, Serebriakov, Sotnikov, and Minin, traveled to locations around the world where targets were physically located. Using specialized equipment, and with the remote support of conspirators in Russia, including Yermakov, these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. After a successful hacking operation, the close access team transferred such access to conspirators in Russia for exploitation.

Among other instances, the indictment alleges that following a series of high-profile independent investigations starting in 2015, which publicly exposed Russia’s systematic state-sponsored subversion of the drug testing processes prior to, during, and subsequent to the 2014 Sochi Winter Olympics (according to one report, known as the “McLaren Report”), the conspirators began targeting systems used by international anti-doping organizations and officials. After compromising those systems, the defendants stole credentials, medical records, and other data, including information regarding therapeutic use exemptions (TUEs), which allow athletes to use otherwise prohibited substances.

Using social media accounts and other infrastructure acquired and maintained by GRU Unit 74455 in Russia, the conspiracy thereafter publicly released selected items of stolen information, in many cases in a manner that did not accurately reflect their original form, under the false auspices of a hacktivist group calling itself the “Fancy Bears’ Hack Team.” As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign. The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.

Each defendant is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, one count each of conspiracy to commit wire fraud and conspiracy to commit money laundering, both of which carry a maximum sentence of 20 years. Defendants Morenets, Serebriakov, Yermakov, Malyshev, and Badin are each also charged with two counts of aggravated identity theft, which carries a consecutive sentence of two years in prison. Defendant Yermakov is also charged with five counts of wire fraud, which carries a maximum sentence of 20 years.

Defendants Yermakov, Malyshev, and Badin are also charged defendants in federal indictment number CR 18-215 in the District of Columbia, and accused of conspiring to gain unauthorized access into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.

Victims of all crimes under federal investigation are entitled to services under the Victims' Rights and Restitution Act (VRRA), including notification of court events. For further details, please refer to Title 34 United States Code section 20141 or the VRRA link posted at https://www.notify.usdoj.gov.

Now that charges have been filed in federal court, victims of the charges filed are, in addition, entitled to the following rights, according to the Crime Victims' Rights Act, Title 18 United States Code section 3771:

1. The right to be reasonably protected from the accused;
2. The right to reasonable, accurate, and timely notice of any public court proceeding, or any parole proceeding, involving the crime or of any release or escape of the accused;
3. The right not to be excluded from any such public court proceeding, unless the court, after receiving clear and convincing evidence, determines that testimony by the victim would be materially altered if the victim heard other testimony at that proceeding;
4. The right to be reasonably heard at any public proceeding in the district court involving release, plea, sentencing, or any parole proceeding;
5. The reasonable right to confer with the attorney for the Government in the case;
6. The right to full and timely restitution as provided in law;
7. The right to proceedings free from unreasonable delay;
8. The right to be treated with fairness and with respect for the victim's dignity and privacy;
9. The right to be informed in a timely manner of any plea bargain or deferred prosecution agreement; and
10. The right to be informed of the rights under this section and the services described in section 503(c) of the Victims' Rights and Restitution Act of 1990 (34 U.S.C. 20141(c)) and provided contact information for the Office of the Victims' Rights Ombudsman of the Department of Justice.
     

Please understand that these rights apply only to victims of the counts charged in federal court, and thus you may not be able to exercise all of these rights if the crime of which you are a victim was not charged. You may contact the Victim/Witness Coordinator if you have questions about the progress of your case, your rights or the services to which you are entitled, or how you can assert them during the proceedings. If you believe that a Justice Department employee has not provided you with these rights, you may file a complaint with the Justice Department’s Victims’ Rights Ombudsman. For more information, go to http://www.justice.gov/usao/resources/crime-victims-rights-ombudsman. If you have questions about filing a complaint against an employee, you may contact the Ombudsman by email at usaeo.VictimOmbudsman@usdoj.gov.

If you believe you are a victim in this case and would like to opt-in to receive notifications or if you have any questions about your rights, please contact the Victim Witness Coordinator at 412-894-7400 or Email the Victim Witness Coordinator.