The US has charged six Russian intelligence officers over the devastating NotPetya cyber-attacks that hit AP Moller-Maersk in 2017.
The raid severely disrupted the Danish giant's port and shipping operations for two weeks, costing it $300m and forcing a beefing up of digital security.
The men charged by a federal grand jury in Pittsburgh are officers with the Russian Main Intelligence Directorate (GRU), the US Department of Justice said.
They are accused of trying to "undermine, retaliate against, or otherwise destabilise" Ukraine and Georgia, as well as elections in France and efforts to hold Russia accountable for its use of the weapons-grade nerve agent novichok on foreign soil, prosecutors said.
Winter Olympics targeted
They are also alleged to have targeted the 2018 Pyeongchang Winter Olympic Games after Russian athletes were banned from participating under their nation's flag, as a consequence of what the US calls a Russian government-sponsored doping effort.
NotPetya caused nearly $1bn of losses to three victims alone, although Maersk does not appear to be named in the unsealed indictment.
The six men were also accused of involvement in "some of the world's most destructive malware to date", including KillDisk and Industroyer.
The defendants are named as Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32.
Seven counts
They are charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
"The defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt," the US Department of Justice said.
In 2019, Maersk chief information security officer Andy Powell told the Black Hat Europe conference that a power cut in Nigeria saved its network infrastructure during the NotPetya attack.
He said the malware wiped out almost all online backups of the company’s Active Directory, except for some data held in Lagos.
This backup travelled with a Maersk employee on the next flight out of the city, according to The Daily Swig cyber security website.
Active Directory is a Microsoft service that manages network access permissions within Windows.
Maersk’s network was crippled within seven minutes of the attack. Most of the damage was done within an hour and it took nine days to restore its Active Directory system.
Powell said this was "not good enough", with 24 hours as the target.
Cyber-attacks have proved increasingly costly to liner operators in recent years, beginning with the Maersk hit.
MSC and Cosco attacked
More limited assaults saw Mediterranean Shipping Co hit in April this year and Cosco Shipping Lines in the US in July 2018.
CMA CGM launched an investigation, conducted by internal and independent experts, into what became the third major cyber-attack to hit the shipping and logistics sector in September.
Earlier last month, French logistics company GEFCO and Danish counterpart Blue Water Shipping were both victims of cyber-attacks on their systems.
Shipbuilder Vard and tanker owner James Fisher, as well as the IMO, have also been hit in recent months.
