A Russian was charged with conspiring to hack and destroy computer systems and data in Ukraine and allied countries, including the United States, the US Justice Department (DoJ) announced in June 2024, offering a $10 million reward for information. Amin Timovich Stigal, a 22-year-old Russian national, has been indicted in Maryland, US, for his alleged role in staging destructive cyber-attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. He hacked into and destroyed the Ukrainian government’s computer systems and data ahead of the Russian invasion in February 2022.[1]

The defendant is affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).  He remains at large, and if convicted, he faces a maximum penalty of five years in prison.  “As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyber-attacks targeting the Ukrainian government and later targeting its allies, including the United States,” said US Attorney General Garland.  “The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity,” the US Justice Dept said in a statement on its website.  “Amin Timovich Stigal attempted to leverage malware to aid the Russian military in the invasion of Ukraine,” said FBI Deputy Director Paul Abbate.

“Today’s indictment demonstrates the FBI’s unwavering commitment to combat malicious cyber activities by our adversaries, and we will continue to work with our international partners to thwart attempts to undermine and harm our allies.”   According to court documents, Stigal was involved in a January 2022 malicious campaign led by the Russian Military Intelligence (GRU).

The attacks entailed the use of wiper malware codenamed WhisperGate, which was used against government, non-profit, and information technology entities in Ukraine. They were first recorded around mid-January 2022. The malware is disguised as ransomware but renders the infected computer system inoperable once activated by the attacker.

According to court documents, Stigal and his co-conspirators used an unnamed US-based company's services to distribute WhisperGate and exfiltrate sensitive data, including patient health records. In addition, they defaced websites and put the stolen information up for sale on cyber-crime forums in an apparent effort to sow concern among the broader Ukrainian population regarding the safety of government systems and data. "From August 5, 2021, through February 3, 2022, the conspirators leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks," the Justice Department (DoJ) said.

 

This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424

 

[1] https://www.cybersecurityintelligence.com/blog/hacker-responsible-for-wiper-malware-identified-7756.html
