The Justice Department on Monday unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign that caused mass disruption and cost billions of dollars by attacking targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics.
Prosecutors said the suspects were from the same unit that helped distribute stolen Democratic emails in the 2016 election. Though Justice Department officials played down the timing of the announcement two weeks before the presidential election, it nevertheless served as American officials’ latest censure of Russia’s hostile intrusions into other countries’ affairs, even as President Trump has adopted a more accommodating stance toward Moscow.
The prosecutors focused on seven breaches that together showed how Russia sought in recent years to use its hacking abilities to undermine democratic institutions and ideals, retaliate against enemies and destroy rival economies.
“No country has weaponized its cybercapabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said John C. Demers, the assistant attorney general for national security.
He added, “Their cyberattack combined the emotional maturity of a petulant child with the resources of a nation-state.”
The Russian Embassy in Washington strongly denied the allegations. “It is absolutely obvious that such news breaks have no bearing on reality and are aimed at whipping up Russophobic sentiments in American society, at launching a ‘witch hunt’ and spy mania, which have been a distinctive feature of the political life in Washington for several years,” the embassy’s press office said in a written statement on Monday.
Prosecutors said the suspects worked for Unit 74455 of the Russian intelligence Main Directorate, commonly referred to as the G.R.U. Known among cybersecurity analysts as Sandworm, the unit worked hand in hand with another G.R.U. unit to leak Democrats’ stolen emails during the 2016 election, embarrassing Hillary Clinton’s campaign in the final stretch.
Cybersecurity and national security experts had long argued that the Russians were behind the hacks that prosecutors detailed on Monday. But the indictment was the first time a major law enforcement agency made the allegation, bolstering the hacking unit’s notoriety as one of the most audacious in the world.
“The G.R.U.’s hackers operate as a strategic arm of the Russian state, and they have been using this cybertool as a military weapon in a military campaign,” said Thomas P. Bossert, Mr. Trump’s first homeland security adviser, who is now the president of the security firm Trinity Cyber.
One of the suspects charged in the newly unsealed indictments, Anatoliy Sergeyevich Kovalev, was indicted two years ago on charges announced by the special counsel, Robert S. Mueller III, over the 2016 election hacks. Mr. Kovalev was accused of playing a role in hacking election administration infrastructure alongside a larger scheme by other G.R.U. officers indicted in the thefts and release of emails from Democratic computer networks.
The new charges did not address 2020 election interference; American intelligence agencies have assessed that Russia is trying to influence the vote in November.
The charges also showed the limits of the United States’ power to deter Russia. Many of the breaches occurred after the United States imposed sanctions and publicly rebuked Russia over its 2016 election sabotage, and it is highly unlikely that the Kremlin will hand over the intelligence officers to stand trial in American courts.
Among the operations that the Justice Department cited was the release of stolen documents just as voting was beginning in France’s presidential election in 2017, an apparent bid to hurt Emmanuel Macron in his eventual victory against Marine Le Pen, a far-right candidate supported by Moscow. Security researchers at the time quickly blamed Russia.
Unlike the distribution of hacked emails in the 2016 American election, the French operation mixed genuine documents with altered material. The French news media largely ignored the stolen documents, in part because of questions of their authenticity, but also because France was in a government-mandated blackout period immediately before the vote.
American officials have warned that Russia could repeat those tactics in the presidential race in the United States this year, mixing falsified material with real stolen documents in a way that is difficult to tell fact from fiction.
The indictment also portrayed Russia as determined to disrupt the 2018 Winter Olympics in Pyeongchang, South Korea, in retaliation for its embarrassing ban from the Olympics over its systemic efforts to undermine antidoping rules.
The G.R.U. for months sent spoofed emails to members of the International Olympic Committee, athletes and other companies, posing as Olympics or Korean government officials to trick the recipients into giving them access to key Olympics infrastructure. At one point, they hacked a company that provided time-keeping services to the Olympics, court papers showed.
Having laid their trap, the Russian officers attacked the opening ceremony of the Games, taking down internet access and telecasts, grounding broadcasters’ drones, shutting Olympics websites and preventing spectators from attending the opening ceremony.
Security experts labeled the attack Sour Grapes for its spiteful nature.
“If you were under the impression that, after 2016, they hung it up and gave up their aggressive behavior, the fact they hacked the Olympics should disabuse you of that notion,” said John Hultquist, the director of threat intelligence at FireEye, a Silicon Valley cybersecurity firm. “It was a vindictive attack. There was no clear geopolitical reason to do that. And it impacted the entire international community.”
Experts had initially blamed North Korea for the attack but later determined that the G.R.U. used North Korean hacking tools to throw off investigators.
As the Justice Department unsealed the indictment on Monday, British officials also revealed new details of a similar Russian plot to disrupt the Tokyo Olympics that had been scheduled for this summer but were postponed until 2021 because of the coronavirus. Britain’s foreign secretary, Dominic Raab, condemned the attacks as “cynical and reckless.”
The allegations threatened to undermine Russia’s efforts to lift a four-year ban from international sports, including the Olympics, at Court of Arbitration for Sport, which has yet to rule on the matter.
“The I.O.C. and the organizing committees of the Olympic Games have identified cybersecurity as a priority area and invest a lot to offer the Olympic Games the best cybersecurity environment possible,” the I.O.C. said in a statement on Monday. “Given the nature of the topic, we do not divulge those measures.”
The Justice Department indictment said the suspects were also responsible for developing malware used in attacks on Ukraine’s power grid. The first, on Dec. 23, 2015, infiltrated Ukrainian energy companies, cutting power for hours to more than 200,000 residents in the country’s west.
In a follow-up in late 2016 that targeted the power grid in Kyiv, Ukraine, the suspects used a second piece of malware, called Industroyer, to cut electricity for an hour, the indictment said. The malware, according to experts, posed one of the greatest digital threats to critical infrastructure since Stuxnet, the computer attack by the United States and Israel that took out Iran’s uranium centrifuges in 2009.
The suspects were also accused of carrying out an attack in June 2017 that is considered the most costly in history. Called NotPetya, it was originally aimed at Ukraine but quickly boomeranged around the world, paralyzing some of the biggest corporations in Europe and the United States at an estimated total cost of $10 billion. It was never clear, intelligence experts said, whether Russia intended to limit the attack to the Ukrainian economy and any company that dared to do business with Ukraine, or whether it knowingly built a tool that would wreak global havoc. But the estimated cost to Mondelez, the maker of Oreo cookies and Ritz crackers, alone was more than $100 million; Merck, the pharmaceutical giant, reported some $700 million in damages; the attack also impeded computer use at hospitals and medical facilities in western Pennsylvania.
In 2019, the same suspects took aim at the government of the country of Georgia, the indictment said. They defaced about 15,000 websites and replaced many home pages with images of its former president, known for his efforts to counter Russian influence, alongside the caption “I’ll be back,” an apparent bid to try to avoid detection.
At a news conference in Washington to announce the indictments, Mr. Demers, the Justice Department’s top national security official, took direct aim at President Vladimir V. Putin of Russia, who made an unusual appeal for a cyber “reset” with the United States last month.
Mr. Demers said the indictments were “a cold reminder of why its proposal is nothing more than dishonest rhetoric and cynical and cheap propaganda.”
He also took a dig in a news release at Mr. Putin’s claims that he is restoring Russia to greatness.
“No nation,” Mr. Demers said, “will recapture greatness while behaving in this way.”
Julian E. Barnes and Tariq Panja contributed reporting.