Category Archives: Department of Homeland Security

Operation Warp Speed Status Report Courtesy of the Military

Posted on by

Below is a compilation of initiatives, actions and accomplishments across Operation Warp Speed (OWS)’s primary efforts in the past week. To learn more about OWS, visit the Department of Health and Human Services (HHS) website and Department of Defense (DOD) website.

Pfizer, Merck, and Moderna among finalists for Operation ...

VACCINE DEVELOPMENT:

The U.S. Food and Drug Administration today authorized the restart of AstraZeneca’s Phase 3 clinical trial in the U.S. As part of the standard review process for adverse events in clinical trials, a voluntary pause was triggered to allow for the examination of safety data by independent monitoring committees. This pause while the adverse event was fully investigated means the science-based, data-driven process continues to work as it should.

Moderna announced it completed enrollment on its Phase 3 clinical trial, noting 37 percent of the 30,000 participants are part of minority populations. To date, more than 25,650 participants of Moderna’s participants have received their second vaccination. According to Moderna’s announcement, the company’s decision to submit a dossier to FDA requesting Emergency Use Authorization will be based on an assessment of whether the potential benefit of the vaccine outweighs the potential risks. The science and data behind this assessment is accruing.

The FDA’s Vaccines and Related Biological Products Advisory Committee met Thursday to discuss the ongoing development of a COVID-19 vaccine. In the interest of transparency over the process, the FDA streamed the entire committee meeting on both its own website and on YouTube. The all-day meeting explored the potential of granting Emergency Use Authorization and the standards and criteria that will be applied to vaccine candidates.

The Centers for Disease Control and Prevention launched a new page on their website dedicated to education on the COVID-19 vaccine planning efforts: https://www.cdc.gov/coronavirus/2019-ncov/vaccines/index.html.

In its commitment to transparency, Operation Warp Speed has posted four redacted contracts here: https://www.hhs.gov/foia/electronic-reading-room/index.html

THERAPEUTICS DEVELOPMENT:

The U.S. Food and Drug Administration approved the antiviral drug Veklury (remdesivir) Oct. 22 for use in adult and pediatric patients 12 years of age and older and weighing at least 40 kilograms (about 88 pounds) for the treatment of COVID-19 requiring hospitalization.

MANUFACTURING, DISTRIBUTION AND ADMINISTRATION:

Operation Warp Speed is working with the U.S. Marshals Service as part of a “whole of government” approach to ensure the security of the vaccine supply chain, including delivery to administration points. Marshals Service liaisons are embedded with the OWS team to ensure there is consistent communication and information flow in the security sector.

Synchronizing and integrating data across distribution and administration operations is a critical effort of Operation Warp Speed. To that end, OWS is using a specially designed platform to collect, correlate and visualize data across the entire operation. The “Tiberius” platform integrates the related manufacturing, supply chain, allocation, state and territory planning, delivery and administration of both vaccine products and ancillary kits. The 2020 technology provides visibility across all U.S. jurisdictions to provide decision support and ease the burden of public health officials throughout the nation. Additionally this week, HHS in support of Operation Warp Speed began signing Memorandums of Understandings with jurisdictions to provide access to information technology (IT) support to assist them with vaccine response planning and distribution at no cost.
An OpEd by HHS Secretary Alex Azar titled “Why Operation Warp Speed is a Made-in-America story,” highlighted the scaling up of manufacturing facilities across the country. He discussed DOD’s success in applying a military supply chain and logistics mentality to develop and deliver a COVID-19 vaccine to the American people.

KEY ENGAGEMENTS:

HHS Secretary Alex Azar visited Emory University Hospital in Atlanta and saw their work on clinical trials for Regeneron’s antibody cocktail and Moderna’s candidate vaccine.

Operation Warp Speed Chief Science Advisor Dr. Moncef Slaoui visited a Moderna clinical trial site at George Washington University Wednesday and spoke with ABC’s Bob Woodruff.

HHS Deputy Secretary Hargan visited the University of Kansas Medical Center for a meeting with their leadership and physicians about the Phase 3 clinical trials they have been overseeing for the AstraZeneca Vaccine. Deputy Secretary Hargan will also join Nebraska Governor Pete Ricketts on Saturday, October 24 for a tour of the University of Nebraska Medical Center where they are conducting clinical trials for COVAXX vaccine and therapeutic candidates.

Dr. Anthony Fauci joined a Univision Town Hall entitled “COVID-19 Vaccines: Myths and Facts” to discuss the importance of Hispanics being represented in clinical trials.

The Washington Post: “Unprecedented vaccine trials on track to begin delivering results.”

Operation Warp Speed Chief Operating Officer Gen. Gus Perna and Vaccine Development Lead Dr. Matt Hepburn will participate in a discussion with The Heritage Foundation on “The Fight to get a COVID-19 Vaccine” Oct. 27 at 3 p.m. The virtual event is free and open for registration.

SENIOR LEADER QUOTES:

“Clinical trial volunteers are the real heroes of this pandemic. Many people are looking for a way to make an impact and serve. Volunteering is a tremendous opportunity to be helpful.” ~Dr. Matt Hepburn, OWS Vaccine Development Lead

“Advances in science are the foundation for the unprecedented progress we are seeing under Operation Warp Speed. But the broader set of requirements for ultimate success—unwavering leadership, ingenuity, determination, the commitment of enormous resources, exceptional logistical infrastructure, and public-private collaboration—can be assembled only in America.” ~HHS Secretary Alex Azar

“It’s not a certainty, but the plan – and I feel pretty confident – should make it such that by June, everybody could have been immunized in the U.S.” ~Dr. Moncef Slaoui, OWS Chief Advisor

“Trust in the science. We have executed vaccine development with rigor. The leading scientists in the world and the quality of the nation’s pharmaceutical base, with oversight of the FDA’s gold standard, lend credibility to this unprecedented effort.” ~Paul Ostrowski, OWS Director for Supply, Production and Distribution

Operation Warp Speed is a partnership among components of the Department of Health and Human Services and the Department of Defense, engaging with private firms and other federal agencies, and coordinating among existing HHS-wide efforts to accelerate the development, manufacturing and distribution of COVID-19 vaccines, therapeutics and diagnostic

US blames Iran for Spoofed Proud Boys Emails

Posted on by

US blames Iran for spoofed Proud Boys emails threatening Democrat voters

ZDNet: US claims Iran is behind a wave of emails purporting to be from right-wing Proud Boys group that threatened registered Democrat voters with repercussions if they didn’t vote for Trump.

iran-emails-proud-boys.png

In a short press conference held today by the US Department of Justice, high-ranking officials with the US government claimed that Iran was behind a wave of emails sent to US voters earlier this week.

Spoofing the identity of violent extremist group Proud Boys, the emails threatened registered Democrat voters with repercussions if they didn’t vote for Donald Trump in the upcoming US Presidential Election.

The senders claimed to have “gained access into the entire [US] voting infrastructure,” but appeared to use public voter registration databases to target Democrat voters in Alaska, Arizona, and Florida.

Two waves of emails were sent this week, the first on Tuesday (October 20), and the second on Wednesday (October 21), according to a report from email security firm Proofpoint, which has been tracking the spam campaigns.

The second wave of emails, besides the original message threatening Democrat voters, also included a link to a video claiming to show an individual print out a voting ballot with another person’s information (a copy of the video is embedded in the Proofpoint report). The video was debunked by several US news media publications.

Responding to intense media coverage surrounding the emails, in a short press conference earlier today, FBI Director Christopher Wray and Director of National Intelligence John Ratcliffe attributed the spam campaigns to Iran.

Addressing the video shared in the emails, Ratcliffe added that “the information in the video is not true.”

Ratcliffe also added that besides Iran, Russia has also also “taken specific actions to influence public opinion relating to our election.”

“Although we have not seen the same actions from Russia, we are aware that they have obtained some voter registration information,” Ratcliffe added.

The two officials urged the US public to remain calm and not spread any similar messages they receive in the future.

Neither of the two officials presented any evidence during the press conference but only made short statements.

Spokespersons for several cyber-security firms could not confirm the Iranian attribution, when inquired by ZDNet today. However, they didn’t dismiss it either.

“Iranian information operations date back at least eight years and they have grown beyond fake news sites and social network activity to elaborate tactics, such as impersonating journalists to solicit video interviews and placing op-eds. They have even impersonated American politicians,” John Hultquist, Senior Director of Analysis, Mandiant Threat Intelligence, told ZDNet.

“The information operations we have seen from Iran to date have been about amplifying pro-Iranian messages and pushing a desired narrative out into the world that’s anti-Saudi or ant-Israeli or pro-JCPOA,” he added.

“This is different. This is deliberate interference in our democracy and it crosses a major red line. I think the Intel community scored a win here against Iran today,” Hultquist said.

 

THE Laptop now Coded with 272 D by FBI, Money-Laundering

Posted on by

Primer: The FBI has established a predicate, otherwise the activities as noted below would not have been authorized.

272D Money Laundering – Unknown SUA Specified Uknown Activity

  • Possible the Kazakh oligarch
  • Possible the Moscow Mayor’s ex-wife
  • Possible trafficking

FNC: The FBI’s subpoena of a laptop and hard drive purportedly belonging to Hunter Biden came in connection with a money laundering investigation in late 2019, according to documents obtained by Fox News and verified by multiple federal law enforcement officials who reviewed them.

It is unclear, at this point, whether the investigation is ongoing or if it was directly related to Hunter Biden.

Multiple federal law enforcement officials, as well as two separate government officials, confirmed the authenticity of these documents, which were signed by FBI Special Agent Joshua Wilson. Wilson did not immediately respond to Fox News’ request for comment.

One of the documents, obtained by Fox News, was designated as an FBI “Receipt for Property” form, which details the bureau’s interactions with John Paul Mac Isaac, the owner of “The Mac Shop” who reported the laptop’s contents to authorities.

The document has a “Case ID” section, which is filled in with a hand-written number: 272D-BA-3065729.

According to multiple officials, and the FBI’s website, “272” is the bureau’s classification for money laundering, while “272D” refers to “Money Laundering, Unknown SUA [Specified Unlawful Activity]—White Collar Crime Program,” according to FBI documents. One government official described “272D” as “transnational or blanket.”

“BA” indicates the case was opened in the FBI’s Baltimore field office, sources said.

The documents state that the subpoena was carried out in Wilmington, Del., which falls under the jurisdiction of the FBI’s Baltimore Field Office.

https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2020/10/1862/1048/thumbnail_image1.jpg?ve=1&tl=1

https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2020/10/1862/1048/thumbnail_image3.jpg?ve=1&tl=1

https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2020/10/1862/1048/thumbnail_image2.jpg?ve=1&tl=1

“The FBI cannot open a case without predication, so they believed there was predication for criminal activity,” a government official told Fox News. “This means there was sufficient evidence to believe that there was criminal conduct.”

Another document, obtained by Fox News, was a subpoena sent to Isaac to testify before U.S. District Court in Delaware on Dec. 9, 2019. One page of the subpoena shows what appears to be serial numbers for a laptop and hard drive taken into possession.

Based on the date of the subpoena, an official told Fox News that the case would have been opened prior to Isaac’s subpoena.

“If a criminal case was opened and subpoenas were issued, that means there is a high likelihood that both the laptop and hard drive contain fruits of criminal activity,” the official said.

Fox News first reported on Tuesday evening that the FBI is in possession of the laptop in question.

The FBI has declined to confirm or deny the existence of an investigation into the laptop or the emails, as is standard practice.

The Biden campaign on Wednesday pushed back on the claims leveled against Hunter Biden, particularly those first reported by The New York Post last week. The New York Post revealed that Rudy Giuliani provided them with emails allegedly belonging to Hunter Biden.

“The Attorney General of Delaware’s office indicated that the FBI has ‘ongoing investigations regarding the veracity of this entire story.’ And it would be unsurprising for an investigation of a disinformation action involving Rudy Giuliani and those assisting him to involve questions about money laundering, especially since there are other documented inquiries into his dealings,” Biden campaign spokesman Andrew Bates said in a statement to Fox News. “In fact, Donald Trump’s own national security adviser warned the president that material furnished by Giuliani should be considered tainted by Russian interference.”

Giuliani, this week, reportedly turned over a copy of the hard drive to New Castle County Police Department in Delaware.

Richard Sauber, an attorney connected to the Biden campaign, said, in a statement to Fox News: “Criminal investigations of Russian disinformation campaigns that include the witting participation of American citizens like Rudy Giuliani often involve investigation by the FBI of whether the American has received payment for these activities that would implicate the Federal Money Laundering statutes.”

Director of National Intelligence John Ratcliffe, however, confirmed this week that the laptop, purportedly belonging to Hunter Biden, and the emails on it “is not part of some Russian disinformation campaign,” despite claims from House Intelligence Committee Chairman Adam Schiff, D-Calif.

The FBI, in a letter to Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wis., who is investigating Hunter Biden’s business dealings as well as the laptop in question, said that the bureau has “nothing to add at this time to the October 19th public statement by the Director of National Intelligence about the available actionable intelligence.”

“If actionable intelligence is developed, the FBI in consultation with the Intelligence Community will evaluate the need to provide defensive briefings to you and the Committee pursuant to the established notification framework,” the letter stated.

The FBI, in its letter to Johnson, wrote that “consistent with longstanding Department of Justice (Department) policy and practice, the FBI can neither confirm nor deny the existence of any ongoing investigation or persons or entities under investigation, including to Members of Congress.”

“As the Inspector General firmly reminded the Department and the FBI in recent years, this policy is designed to preserve the integrity of all Justice Department investigations and the Department’s ability to effectively administer justice without political or other undue outside influences,” Tyson wrote.  “Therefore, the FBI cannot provide any additional information in response to the enumerated questions in your letter.”

The emails in question were first obtained by the New York Post and, in part, revealed that Hunter Biden allegedly introduced his father, the then-vice president, to a top executive at Ukrainian natural gas firm Burisma Holdings less than a year before he pressured government officials in Ukraine to fire prosecutor Viktor Shokin, who was investigating the company’s founder.

The New York Post report revealed that Biden, at Hunter’s request, allegedly met with the executive, Vadym Pozharskyi, in April 2015 in Washington, D.C.

The meeting was mentioned in an email of appreciation, according to the Post, that Pozharskyi sent to Hunter Biden on April 17, 2015 — a year after Hunter took on his position on the board of Burisma.

The Biden campaign told Fox News Sunday that the former vice president “never had a meeting” with Pozharskyi.

Biden, prior to the emails surfacing, repeatedly has claimed he’s “never spoken to my son about his overseas business dealings.”

Hunter Biden’s business dealings, and his role on the board of Burisma, emerged during the Trump impeachment inquiry in 2019.

Another email, dated May 13, 2017, and obtained by Fox News, includes a discussion of “renumeration packages” for six people in a business deal with a Chinese energy firm. The email appeared to identify Hunter Biden as “Chair/Vice Chair depending on an agreement with CEFC,” in an apparent reference to now-bankrupt CEFC China Energy Co.

DOCUMENTS SHOW ALLEGED HUNTER BIDEN SIGNATURE, FBI CONTACTS WITH COMPUTER REPAIR SHOP OWNER

The email includes a note that “Hunter has some office expectations he will elaborate.” A proposed equity split references “20” for “H” and “10 held by H for the big guy?” with no further details.

Fox News spoke to one of the people who was copied on the email, who confirmed its authenticity.

Sources also told Fox News that “the big guy” was a reference to the former vice president. The New York Post initially published the emails, and others, that Fox News has also obtained.

While Biden has not commented on that email, or his alleged involvement in any deals with the Chinese Energy firm, his campaign said it released the former vice president’s tax documents and returns, which do not reflect any involvement with Chinese investments.

Fox News also obtained an email last week that revealed an adviser of Burisma Holdings, Vadym Pozharskyi, wrote an email to Hunter Biden on May 12, 2014, requesting “advice” on how he could use his “influence to convey a message” to “stop” what the company considers to be “politically motivated actions.”

“We urgently need your advice on how you could use your influence to convey a message / signal, etc .to stop what we consider to be politically motivated actions,” Pozharskyi wrote.

The email, part of a longer email chain obtained by Fox News, appeared to be referencing the firm’s founder, Mykola Zlochevsky, being under investigation.

DHS Launches Center for Countering Human Trafficking

Posted on by

FACTOID: Across the United States, illicit massage parlors are often used as covers for sex trafficking operations.  In a recent study, Polaris looked at massage parlors, primarily in the U.S., and found that over 6,500 of them are illicit businesses. In Fairfax County, Virginia — not more than 20 minutes outside of D.C. — they found 108 illicit massage businesses connected to 181 different limited liability companies (LLCs).  In Virginia, as with every other state, none of these companies are required to disclose the real people who own these companies and are benefiting from these crimes. More here.

Ohio offers funds to remove human trafficking marks

Just this week, President Trump signed 2 executive orders, 3 proclamations against human trafficking

Blue Campaign is a national public awareness campaign, designed to educate the public, law enforcement and other industry partners to recognize the indicators of human trafficking, and how to appropriately respond to possible cases. Blue Campaign works closely with DHS Components to create general awareness training and materials for law enforcement and others to increase detection of human trafficking, and to identify victims.

Located within the Office of Partnership and Engagement, Blue Campaign leverages partnerships with the private sector, Non-Governmental Organizations (NGO), law enforcement and state/local authorities to maximize national public engagement on anti-human trafficking efforts. Blue Campaign’s educational awareness objectives consists of two foundational elements, prevention of human trafficking and protection of exploited persons.

*** Only 38 states have laws requiring human trafficking training.***

Human Trafficking | NCJWC

WASHINGTON—U.S. Department of Homeland Security (DHS) Acting Secretary Chad Wolf announced Thursday the opening of the DHS Center for Countering Human Trafficking, the U.S. government’s first-ever integrated law enforcement operations center directly supporting federal criminal investigations, victim assistance efforts, intelligence analysis, and outreach and training activities related to human trafficking and forced labor.

The center, which has been operational since early September, is based in Washington and led by U.S. Immigration and Customs Enforcement (ICE), a global leader of criminal investigations into human trafficking and sexual exploitation. The center will be staffed with law enforcement officials from Homeland Security Investigations (HSI) and across DHS, as well as subject matter experts and support staff from 16 DHS components—all focused on the “4 Ps” of the center’s mission: prevention, protection, prosecution and partnerships.

“Human trafficking is modern day slavery. There is no other way to say it,” said Acting Secretary Chad Wolf. “The words are strong because the actions are evil. The forms of exploitation, sex trafficking, forced labor and domestic servitude that constitute human trafficking are antithetical in every way to the principles of human dignity that Americans hold dear. The launch of this Center for Countering Human Trafficking represents the investment of resources, attention and time by President Trump to combat and dismantle all forms of human trafficking.”

On Jan. 15, Wolf signed and released the DHS Strategy to Combat Human Trafficking, the Importation of Goods Produced with Forced Labor, and Child Sexual Exploitation which pledged to bolster DHS efforts to combat human trafficking and forced labor.
“Human trafficking, whether through sex or labor, is a detriment to our society and threatens the moral conscience of our nation. Criminal organizations target those who are most vulnerable and exploit them through any means necessary, victims are treated as commodities rather than human beings, with no regard for their health and well-being,” said ICE Senior Official Performing the Duties of Director Tony Pham. “ICE, along with our internal and external partners, will continue to fight against these atrocities and answer victims’ cries for help. The Center for Countering Human Trafficking will serve as evidence that when we work collectively against such heinous acts, we combat the threat they pose to national security and to public safety.”

ICE’s HSI has long been a global leader in investigating human trafficking and sexual exploitation cases and bringing offenders to justice. The Center will build on the agency’s “victims first” approach, which balances victim identification, rescue and support with prevention, investigation and prosecution of traffickers. ICE HSI is uniquely positioned to utilize criminal, immigration and trade-based authorities to proactively identify, disrupt and dismantle cross-border human trafficking organizations.

In fiscal year 2019, ICE initiated 1,024 human trafficking and forced labor related cases which led to 2,197 criminal arrests. These effective actions resulted in nearly 700 convictions and the rescue of more than 400 victims.

Reporting suspected sexual or labor exploitation can help decrease or stop further victimization, as well as lead to the identification and rescue of other possible victims. To report suspicious activity or instances of sexual abuse or exploitation, contact your local law enforcement agency. Tips can be submitted online at ice.gov/tipline, by phone at 866-DHS-2-ICE or by contacting your local ICE office.

DOJ Charges 6 Russian Military Hackers for Global Cyberattacks

Posted on by

FNC: The Justice Department on Monday announced the indictment of six military hackers with the Russian GRU who allegedly carried out a global conspiracy that included cyberattacks around the world.

The alleged attacks hit targets in Ukraine, the 2018 Winter Olympics in South Korea, and western Pennsylvania.

“No country has weaponized its cyber-capabilities as maliciously and irresponsibly as Russia,” Assistant Attorney General John C. Demers said at a DOJ press conference.

The defendants are six current and former members of GRU, Russia’s military intelligence service. The DOJ said the attacks began in November 2015 and continued until at least October 2019. The allegations do not include any interference in U.S. elections.

The alleged attacks include malware strikes against the Ukrainian power grid, Ministry of Finance, and State Treasury Service; spearphishing campaigns and attacks against French President Emmanuel Macron’s political party, local French governments, and French politicians before their 2017 elections; the global NotPetya malware attack that infected computer worldwide including those in medical facilities in western Pennsylvania and a large American pharmaceutical company; the Olympic Destroyer attack that targeted computers supporting the 2018 Olympics; a spearphishing campaign targeting South Korean officials and citizens, as well as Olympic athletes; another spearphishing campaign against the United Kingdom’s Defence Science and Technology Laboratory, and attacks targeting government entities and companies in Georgia.

(Source: FBI)

(Source: FBI)

The NotPetya attack alone allegedly resulted in nearly $1 billion in losses, the DOJ said.

The Olympic attacks allegedly came after Russian athletes were banned from competing under the Russia flag due to their country’s government-sponsored doping efforts. The defendants – Yuriy Sergeyevich Andrienko, Sergey Vladimirovich , Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin – are charged with conspiracy, computer hacking, wire fraud, aggravated identity theft and false registration of a domain name.

“The crimes committed by these defendants,” said Western District of Pennsylvania U.S. Attorney Scott Brady, “are truly breathtaking in their scope, scale, and impact.”

The Justice Department thanked tech companies including Google, Facebook and Twitter for assisting them in their investigation, but did not explain how they helped.

***

In part from the Justice Department: These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort.

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.  The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorized access  to victim computers (hacking).  As alleged, the conspiracy was responsible for the following destructive, disruptive, or otherwise destabilizing computer intrusions and attacks:

  • Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
  • French Elections: April and May 2017 spearphishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections;
  • Worldwide Businesses and Critical Infrastructure (NotPetya): June 27, 2017 destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;
  • PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials;
  • PyeongChang Winter Olympics IT Systems (Olympic Destroyer): December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer;
  • Novichok Poisoning Investigations: April 2018 spearphishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens; and
  • Georgian Companies and Government Entities: a 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019.

Cybersecurity researchers have tracked the Conspirators and their malicious activity using the labels “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”