U.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns
A notorious Russian military intelligence unit known for poisonings and other physical aspects of hybrid warfare has in recent years expanded to include cyber-enabled espionage, sabotage and disruptive actions, law enforcement and cyber officials in the U.S. and U.K. said Thursday.
The revelation came as the U.S. Department of Justice announced charges of conspiracy to commit computer intrusion and wire fraud conspiracy against six hackers working with Unit 29155 of the Russian Main Intelligence Directorate (GRU). Five of the accused are officers in the GRU unit, while the sixth was a civilian already under indictment in the U.S. for his alleged role in facilitating disruptive attacks.
The charges come a day after the U.S. government announced sweeping action against alleged Russian efforts to interfere in the 2024 U.S. elections, including seizing domains and indicting two Russians working for Russia Today. Kostiantyn Kalashnikov and Elena Afanasyeva are accused of funneling $10 million into a U.S. company to covertly push Russian narratives.
The charges announced Thursday stem from the group’s alleged role in hack-and-leak and disruptive operations — including malware designed to look like ransomware — across dozens of countries dating back to 2020, according to an indictment unsealed Thursday. On Jan. 13, 2022, the group attacked at least two dozen Ukrainian government networks using malware known as WhisperGate, which was made to look like ransomware but was, instead, destructive malware “designed to completely destroy the target computer and related data in advance of the Russian invasion of Ukraine,” the DOJ said in a statement.
The U.S. and a coalition of international partners in May 2022 attributed the destructive activity to the Russian government.
In August 2022, the same group hacked transportation infrastructure in an unnamed central European country that was supporting Ukraine, according to the DOJ, and had “probed” a variety of computer systems associated with 26 NATO member countries searching for potential vulnerabilities.
Between Aug. 5, 2021 and Feb. 3, 2022, the same group had also probed computers belonging to an unnamed U.S. federal government agency in Maryland, according to the indictment.
The defendants charged are Yuriy Denisov, a colonel in the Russian military and commanding officer of Cyber Operations for Unit 29155, and four of his lieutenants: Vladislav Borokov, Denis Denisenko, Dmitriy Goloshubov and Nikolay Korchagin.
A civilian co-conspirator, Amin Stigal, was indicted in June for his role in WhisperGate activities, but the superseding indictment announced Thursday added wire fraud conspiracy to his list of charges.
Also on Thursday, the U.S. State Department announced a reward of up to $10 million for information on any of the suspects’ locations or cyber activity.
“They are marked people,” Assistant Attorney General Matthew G. Olsen of the DOJ’s National Security Division told reporters Thursday, speaking about the logic of bringing charges against Russian military officers. “Now we know who they are. There’s a reward on their head, and we’re going to pursue them relentlessly.”
Olsen added that the action sends a broader message to Russian military intelligence and the Russian government: “We are on to you. We penetrated your systems. … You better pay attention to the fact that we have gotten to you and we are in your system.”