Russian indicted for cybersecurity attack on Ukraine before war invasion

A federal grand jury indicted Russian national Amin Stigal this week, accusing him of conspiracy to commit fraud by hacking and destroying computer systems.

The U.S. District Court in Maryland issued an arrest warrant for Stigal, 22, who prosecutors said remains at large.

“The Department of Justice will continue to stand with Ukraine on all fronts in its fight against Russia’s war of aggression, including holding accountable those who support Russia’s malicious cyber activities” , US Attorney General Merrick Garland said in a statement announcing the indictment.

The Russian embassy in Washington did not immediately respond to a request for comment.

In the indictment, federal authorities allege that Stigal worked with Russian military intelligence officers from the General Staff’s Main Intelligence Directorate to conduct the agency’s overseas cyberattack operations . Stigal and the military officers concealed their ties to the Russian government using false identities, a network of computers around the world and cryptocurrencies.

The WhisperGate campaign began about a month before Russia’s February 2022 invasion of Ukraine, according to court documents, when Stigal, at the request of the Russian military, hacked into the computers of dozens of government entities Ukrainians, including those dealing with “critical infrastructure,” agriculture, education, science and emergency services.

The attack campaign used software designed to look like a ransomware attack – that is, when access to files is blocked until a ransom is paid – but in fact the files were completely removed, according to the indictment. WhisperGate also stole and leaked personal data, including the medical records of thousands of Ukrainians, which federal authorities said was intended to “sow concern among Ukrainian citizens” about the safety and security of their systems. government.

In October 2022, Stigal and the Russian military also hacked the transportation infrastructure of a central European country, not named in court documents, that had supported Ukraine with civil and military aid after the invasion, according to the indictment.

Federal prosecutors also alleged that, from December 2020 to the present, the Russian military analyzed protected government computers around the world – including in Maryland – as a “preliminary step toward obtaining a unauthorized access”.

In Maryland, Stigal and the Russian military “probed” U.S. government websites hosted by protected computers on 63 occasions, according to court documents. The investigation was the same tactic used in other places to identify vulnerabilities, prosecutors said.

The indictment does not say whether the investigation into U.S. systems in Maryland was successful.

The WhisperGate malware attacked Ukrainian computer systems by first deleting files from targeted computers, according to court documents, and then issuing a ransom note demanding a payment of $10,000 in bitcoin to recover the already erased data.

In a January 2022 incident, federal prosecutors alleged that the Ukrainian National Digital Services Portal website was hacked to display a message in Polish, Russian and Ukrainian that read: “Ukrainians! All the information about you has become public, be afraid and expect the worst. This is for your past, your present and your future.

Hours after that attack, prosecutors say Stigal and the military tried to sell the data, including criminal records and patient health information.

The reward for information on Stigal’s location, set at $10 million, is administered by the State Department’s Rewards for Justice fund.

“Malicious cyber actors who attack our allies should know that we will pursue them to the fullest extent of the law,” said Erek Barron, the U.S. attorney for Maryland. “Cyber ​​intrusion schemes like the one alleged threaten our national security, and we will use every technology and investigative measure at our disposal to disrupt and track down these cybercriminals.”