Russian Civilian Charged with Conspiracy to Destroy Ukrainian Government Computer Systems
In a significant development, the Department of Justice has charged Amin Stigal, a 22-year-old Russian civilian, with conspiracy to destroy Ukrainian government computer systems. The charges were announced by U.S. prosecutors in Maryland who revealed that Stigal played a crucial role in setting up servers used by Russian government hackers to launch destructive cyberattacks on Ukraine’s government ministries in January 2022. These cyberattacks took place just a month before Russia’s illegal invasion of Ukraine.
The cyberattack campaign, dubbed “WhisperGate,” employed wiper malware disguised as ransomware. Rather than holding the data hostage for a ransom, the malware deliberately and irreversibly scrambled the data on infected devices. Prosecutors argue that this was done to instill fear and uncertainty among Ukrainian citizens regarding the security of their government’s systems.
Stigal is also accused of aiding hackers from Russia’s military intelligence unit, known as the GRU, in targeting Ukraine’s allies, including the United States. The indictment against Stigal, unsealed recently, alleges that he used cryptocurrency to pay for and set up servers from an undisclosed U.S.-based company. These servers allowed the Russian GRU hackers to carry out cyberattacks on the Ukrainian government using the data-destroying malware.
The stolen data from these cyberattacks included sensitive information such as citizens’ health records, criminal records, and motor insurance data from Ukrainian government systems. Shockingly, the hackers later advertised this stolen data for sale on well-known cybercrime forums.
Notably, the Russian hackers also targeted an unnamed U.S. government agency based in Maryland multiple times between 2021 and 2022. This repeated targeting paved the way for U.S. prosecutors in the district to take jurisdiction over the case and seek charges against Stigal.
Furthermore, it has been revealed that in October 2022, the same servers set up by Stigal were used by Russian hackers to launch a cyberattack on the transportation sector of an unidentified central European country. This country had been providing civilian and military aid to Ukraine following the invasion. This incident aligns with a cyberattack that occurred in Denmark during the same period, causing widespread disruptions in the country’s railway network.
As Stigal remains at large and is believed to be in Russia, the U.S. government has issued a $10 million bounty for information leading to his whereabouts or capture. If convicted, Stigal could face up to five years in prison.
This case highlights the alarming extent of Russia’s cyber warfare activities and their attempts to destabilize governments and sow fear among citizens. It also underscores the critical need for international cooperation in combating cyber threats and holding those responsible accountable for their actions.