Russian national indicted for role in cyberattacks on Ukraine

Amin Timovich Stigal is alleged to have participated in attacks dubbed “WhisperGate” ahead of Russia’s 2022 invasion of Ukraine.
An aerial view of the building of the Main Directorate of the General Staff of the Armed Forces, also known as the Main Intellegence Directorate, or GRU, July 06, 2023, in Moscow, Russia. (Photo by Contributor/Getty Images)

A federal grand jury in Maryland on Wednesday indicted a Russian who allegedly worked with his country’s military intelligence to attack targets in Ukraine ahead of Russia’s full-scale invasion in 2022. 

Amin Timovich Stigal, 22, participated in wiper attacks against Ukrainian military and civilian targets, federal prosecutors said, using malware disguised to look like ransomware that researchers later dubbed “WhisperGate.”

Stigal, who remains at large, faces charges of conspiracy to hack into and destroy government systems and data, the Department of Justice said in a statement. He faces a maximum penalty of five years in prison.

The U.S. State Department separately announced Wednesday a $10 million reward for information on Stigal through its Rewards for Justice program. As early as 2021, computer environments managed by Stigal were used as part of WhisperGate campaigns, according to the State Department, including in operations against Ukrainian, NATO and U.S. computer networks.

Amin Timovich Stigal (U.S. State Department)

In May 2022, Authorities in the U.S., U.K., Canada, Australia and New Zealand formally blamed the Russian government for deploying WhisperGate as part of a formal attribution for a separate operation targeting Viasat, a satellite communications company whose modems were hobbled as the invasion commenced.

Part of the WhisperGate activity included stealing civilian data from Ukrainian targets, including patient health records, and posting it for sale online for a relatively paltry $10,000, according to a June 2023 report from Microsoft. The group behind the WhisperGate deployment used the persona “Free Civilian” to advertise the material for sale, Microsoft said.

The Free Civilian Telegram channel remains available, but the last post was more than a year ago. A message sent to the contact for the channel went unanswered Wednesday.

The group, tracked by Microsoft as “Cadet Blizzard,” has been operational in some capacity since at least 2020 and has engaged in “focused destructive attacks, espionage, and information operations in regionally significant areas,” including attacks in Ukraine, Europe and Latin America, according to the Microsoft report.

Latest Podcasts