WhisperGate suspect indicted as US offers a $10M bounty for his capture

Russian national accused of attacks in lead-up to the Ukraine war


The US Department of Justice has indicted a 22-year-old Russian for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems in the so-called “WhisperGate” wiper attack that preceded Russia's illegal invasion of the European nation.

If convicted, Amin Timovich Stigal faces a maximum penalty of five years in prison. In addition to the indictment, handed down by a federal grand jury in Maryland on Tuesday, the US State Department today offered a reward of up to $10 million for information on Stigal's location and alleged cyber crimes.

"As alleged, the defendant conspired with Russian military intelligence on the eve of Russia's unjust and unprovoked invasion of Ukraine to launch cyber attacks targeting the Ukrainian government and later targeting its allies, including the United States," US attorney general Merrick Garland declared in a statement.

Stigal and others first conspired with Russia's GRU military intelligence unit on the cyber attacks in January 2022 – a month before the full-scale invasion of Ukraine – according to court documents.

In that month, actors that Ukraine's government alleged operated from Belarus deployed a strain of data-destroying malware, later dubbed WhisperGate, on "dozens" of Ukrainian targets. The attacks hit critical infrastructure networks including government agencies, military and defense, as well as agriculture, education, science and emergency service organizations.

"The Conspirators used software that was designed to appear as if the computers had suffered a ransomware attack, when in fact the data on the computers had been deleted," the indictment states [PDF].

In May 2022, the US and some allies attributed the WhisperGate attack to the Russian military. Microsoft's Threat Intelligence unit named the group "Cadet Blizzard" and linked it to the GRU.

In addition to dropping the info-destroying malware, the criminals defaced government websites, snooped through online systems, and stole personal data – such as medical records – belonging to thousands of Ukrainians.

"The purpose of the attack was, in part, to sow concern among Ukrainian citizens regarding the safety of their Government's systems and their personal data in advance of the Russian attack of Ukraine," according to the court papers.

Russia is also accused of breaking into an unnamed Central European country's infrastructure in October 2022, as well as probing US systems – including "multiple sites maintained by a US Government Agency located in Maryland."

To cover their tracks and conceal their Russian government ties, the criminals used fake identities and infrastructure located in the US and elsewhere, we're told. ®
