Geopolitics

Russian national indicted for role in cyberattacks on Ukraine

Amin Timovich Stigal is alleged to have participated in attacks dubbed “WhisperGate” ahead of Russia’s 2022 invasion of Ukraine.

By AJ Vicens

June 26, 2024

An aerial view of the building of the Main Directorate of the General Staff of the Armed Forces, also known as the Main Intellegence Directorate, or GRU, July 06, 2023, in Moscow, Russia. (Photo by Contributor/Getty Images)

A federal grand jury in Maryland on Wednesday indicted a Russian who allegedly worked with his country’s military intelligence to attack targets in Ukraine ahead of Russia’s full-scale invasion in 2022.

Amin Timovich Stigal, 22, participated in wiper attacks against Ukrainian military and civilian targets, federal prosecutors said, using malware disguised to look like ransomware that researchers later dubbed “WhisperGate.”

Stigal, who remains at large, faces charges of conspiracy to hack into and destroy government systems and data, the Department of Justice said in a statement. He faces a maximum penalty of five years in prison.

The U.S. State Department separately announced Wednesday a $10 million reward for information on Stigal through its Rewards for Justice program. As early as 2021, computer environments managed by Stigal were used as part of WhisperGate campaigns, according to the State Department, including in operations against Ukrainian, NATO and U.S. computer networks.

Amin Timovich Stigal (U.S. State Department)

In May 2022, Authorities in the U.S., U.K., Canada, Australia and New Zealand formally blamed the Russian government for deploying WhisperGate as part of a formal attribution for a separate operation targeting Viasat, a satellite communications company whose modems were hobbled as the invasion commenced.

Part of the WhisperGate activity included stealing civilian data from Ukrainian targets, including patient health records, and posting it for sale online for a relatively paltry $10,000, according to a June 2023 report from Microsoft. The group behind the WhisperGate deployment used the persona “Free Civilian” to advertise the material for sale, Microsoft said.

The Free Civilian Telegram channel remains available, but the last post was more than a year ago. A message sent to the contact for the channel went unanswered Wednesday.

The group, tracked by Microsoft as “Cadet Blizzard,” has been operational in some capacity since at least 2020 and has engaged in “focused destructive attacks, espionage, and information operations in regionally significant areas,” including attacks in Ukraine, Europe and Latin America, according to the Microsoft report.

Russian national indicted for role in cyberattacks on Ukraine

More Like This

Chinese hackers are increasingly deploying ransomware, researchers say

Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find

Protecting America’s cybersecurity demands showing our teeth

Top Stories

US businesses struggle to obtain cyber insurance, lawmakers are told

FCC wants major telecoms to step up rules around AI-generated robocalls

More Scoops

Victor Zhora on cataloging cyberwar crime evidence against Russian hackers targeting Ukraine

Pro-Russian hackers remain active amid Ukraine counteroffensive

Microsoft identifies new hacking unit within Russian military intelligence

Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine

Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine

Notorious Russian military hacking crew behind October ransomware attacks on Ukraine, Poland

How one group of ‘fellas’ is winning the meme war in support of Ukraine

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Selena Larson on e-crime matching nation state hackers; Disinfo before the Supreme Court

Government

Technology

Threats

Geopolitics