The Justice Department has charged a Russian citizen with conspiring to destroy Ukrainian government computer systems as part of Russia's widespread hacking effort ahead of its illegal invasion of Ukraine.
U.S. prosecutors in Maryland said Wednesday that 22-year-old Amin Stigal is wanted for helping set up servers used by Russian government hackers to launch destructive cyber attacks on Ukrainian ministries in January 2022, a month before the Kremlin deployed tanks and ordered troops to cross Ukraine's borders.
The cyberattack campaign, known as 'WhisperGate', was based on so-called wiper malware that masqueraded as ransomware but deliberately and irreversibly encrypted data on infected devices. Prosecutors said the cyber attacks were intended to “sow concern” among Ukrainian civil society about the security of their government's systems.
Stigal is also accused of helping hackers working for Russia's military intelligence unit – known as the GRU – attack Ukraine's allies, including the United States. the indictment against Stigal that was unveiled on Wednesday.
According to the unsealed indictment, Stigal allegedly used cryptocurrency to pay for and set up servers of an unnamed American company, allowing the Russian GRU hackers to launch their cyber attacks against the Ukrainian government with the data-destroying malware.
The Russian hackers stole large amounts of data during the cyber attacks, including citizens' health data, criminal records and car insurance data from Ukrainian government systems, the indictment alleges. The hackers later advertised the data for sale on well-known cybercrime forums.
U.S. prosecutors say the Russian hackers also targeted an unnamed U.S. government agency in Maryland dozens of times between 2021 and 2022 before the invasion, allowing prosecutors in the district to take jurisdiction over the case and charge Stigal.
Later in October 2022, the Russian hackers used the same servers set up by Stigal to attack the transportation sector of an unnamed Central European country, which, according to US prosecutors, provided civil and military aid to Ukraine after the invasion. The incident is consistent with the timing of a cyber attack in October 2022 in Denmarkwhich caused massive disruptions and delays on the country's rail network at the time.
That's what the US government said it offers a $10 million bounty for information leading to the whereabouts or capture of Stigal, who is still at large and believed to be in Russia.
Stigal faces up to five years in prison if convicted.