The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks, in an operation run by the Russian foreign military intelligence agency (GRU) ahead of Russia's invasion of the country.
The announcement from the Department of Justice (DoJ) says that in January 2022 Stigal and members of the GRU used a U.S.-based company to distribute the WhisperGate pseudo-ransomware to systems at dozens of Ukrainian government entities to destroy data.
A Microsoft analysis at the time showed that although WhisperGate demanded a payment of $10,000 in Bitcoin, in practice it acted as a data wiper that corrupted all disk partitions beyond restoration.
Apart from data wiping attacks, Stigal was also involved in exfiltrating sensitive data and leaking information to instill fear and uncertainty in Ukraine.
“The conspirators compromised several of the targeted Ukrainian computer systems, exfiltrated sensitive data, including patient health records, and defaced the websites to read: ‘Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future,’” the DoJ says.
“That same day, the conspirators offered the hacked data for sale on the internet. The effort was aimed at sowing concern among the broader Ukrainian population regarding the safety of government systems and data” - U.S. Department of Justice
This activity was a precursor to Russia’s invasion of Ukraine, but it later extended to more countries that expressed their support for Ukraine, including the United States.
For example, in August 2022, Stigal and others hacked into the transportation infrastructure of a country in Central Europe.
According to the indictment, the GRU's hacker was also involved in probing computers at a federal government agency in Maryland, in an attack that relied on the same infrastructure used to compromise Ukraine's government computers.
Rewards for Justice also announced a $10 million reward for the GRU hacker, providing a strong incentive for anyone holding information about Stigal’s whereabouts to share it with the authorities in a secure manner, over the Tor network.
"This man worked with a Russian spy agency on various malware campaigns. He is linked to malicious cyber ops against Ukrainian, NATO, and U.S. computer networks.
Got info on Stigal, his activities, or associates? Contact us. You could be eligible for a reward and relocation" - Rewards for Justice
If arrested and convicted, Stigal faces a potential maximum sentence of five years in prison for his participation in cyberattacks against Ukraine, the U.S., and other NATO member countries.