US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine

The US Justice Department has announced charges against Amin Stigal for conducting wiper cyberattacks on Ukraine in 2022.

The US Department of Justice has announced charges against a Russian national for his alleged role in a series of disruptive cyberattacks against Ukraine ahead of Russia’s full-scale invasion in February 2022.

The individual, Amin Timovich Stigal, is believed to be a member of Cadet Blizzard, a state-sponsored threat actor also known as DEV-0586 and Ruinous Ursa, which operates on behalf of Russia’s military intelligence agency, the Main Intelligence Directorate of the General Staff (GRU).

According to court documents, the 22-year-old Stigal conspired to use a US company’s services to distribute WhisperGate to the systems of dozens of Ukrainian government entities.

A Master Boot Record (MBR) wiper masquerading as ransomware, WhisperGate was first seen on victim systems on January 13, 2022, but the attacks had been prepared months in advance.

The US attributed the attacks to Russia in May 2022 and released indicators of compromise (IOCs) associated with WhisperGate and other Russian malware families used in attacks against Ukraine.

Stigal and other conspirators, according to court documents, infected multiple Ukrainian government networks with the intent to completely destroy the target computers and related data. Additionally, the attackers exfiltrated sensitive data, defaced websites, and offered the stolen information for sale on the internet, to cast doubt on the safety of Ukrainian government systems and data.

In August 2022, Stigal was allegedly involved in hacking the transportation infrastructure of a Central European country supporting Ukraine.

Between August 2021 and February 2022, the Justice Department said, Stigal and members of the GRU abused the services of the same US-based company to probe the systems of a federal government agency in Maryland, using the same methods as in the attacks against the Ukrainian government.

Stigal remains at large, but the US is willing to pay a reward of up to $10 million for information on his whereabouts. If convicted, he faces up to five years in prison.

“The defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States. The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression,” Attorney General Merrick B. Garland said.


Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
