I would suggest everyone read the full indictment.
A number of items are odd: [On or about December 11, 2017, the Conspirators created a malicious "Seoul Bus Tracker" mobile application and registered the mobile application with a mobile application store approximately 1 hour later.] with multiple other apps created and attempted distribution in a very short time frame. Pretty fast work. There is also mention of 15000 web sites defaced in late 2019 - they must be incredibly productive...
Attribution is also interesting: is the "creation date" from just looking at file time stamps? Probably from the app application process?
Then there's the attribution of "creation of components" for NetPetya, Olympic Destroyer etc. The actual charges relate to spearphishing and transmission - there is nothing in the indictment indicating the creation other than the allegation.
The indictment does say that the NotPetya transmission component was via redirecting the web address target for the MEDocs software - makes a lot of sense.
Overall: if you just look at the behavior, it looks like a ransomware gang: spearphishing, network traversal, bitcoin payment for infrastructure etc.
I look forward to see how specific attribution to these 6 people was performed.