Two agents of Russia’s FSB spy agency and two “criminal hackers” were indicted Wednesday over a massive cyberattack affecting 500 million Yahoo users, the US Justice Department announced.
The indictment unveiled in Washington links Russia’s top spy agency to one of the largest hacking attacks in history, carried out in 2014, and which officials said was used for espionage and financial gain.
Officials identified the agents as Dmitry Dokuchaev and Igor Sushchin, both of whom were part of the successor agency to Russia’s KGB.
Dokuchaev was an officer in the FSB Center for Information Security, known as “Center 18,” which is supposed to investigate hacking and is the FBI’s point of contact in Moscow for cyber crimes.
The 33-year-old was reported to have been arrested in Moscow earlier this year on treason charges. He is accused of directing the Yahoo hack along with his superior, the 43-year-old Sushchin.
The two officers “protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere,” acting assistant attorney general Mary McCord told reporters.
They hired Alexsey Belan and Karim Baratov, described as “criminal hackers,” to carry out the attacks.
McCord said the attack was directed at gathering information “clearly some of which has intelligence value,” but adding that “the criminal hackers used this to line their own pockets for private financial gain.”
Targets included Russian and US government officials, including cyber security, diplomatic and military personnel, McCord said.
“They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities,” she added.
McCord said Baratov, a Canadian national, was arrested this week on a US warrant in Canada.
Belan, 29, has been indicted twice in US cases involving the hacking of e-commerce companies, and is listed as one of the FBI’s “Cyber Most Wanted criminals.”
The attack on Yahoo, disclosed last year, was one of the largest ever data breaches ever and at the time was blamed on a “nation-state” attacker.
The indictments come amid a high-stakes US investigation into claims of Russian cyber-meddling in the US election, potentially to aid the winning efforts of Donald Trump.
Asked if there were any links between the two cases, McCord said, “We don’t have anything that suggests… any relationship between those” cases.
The other case “is an ongoing investigation,” she added.