The U.S. Department of Justice (DOJ) on Thursday unsealed an indictment against five Russian intelligence officers and one Russian civilian for carrying out the “Whispergate” cyberattack on Ukrainian infrastructure in January 2022. While the case is largely symbolic, it offers an intriguing glimpse into what the FBI described as the “first blow of the war.”
Opened Indictment Five officers from Russia's Main Intelligence Directorate (GRU) were named as accomplices of a civilian hacker named Amin Timovich Stigall. Indictment In June, the government named only Sitgar as the perpetrator of the attack.
The GRU officers belonged to units known as “Cadet Blizzard,” “Ember Bear” and “Dev-0586.” The unit's commander, Yuri Denisov, was among the men indicted on Thursday. The GRU teams were tasked with using malware to attack critical infrastructure in Europe, Central America and Asia.
“Stigall, who is originally from Chechnya, said:Whispergate.”
The most notable feature of Whispergate is that it “disguised” itself as a ransomware attack, in which data on infected systems is encrypted and held hostage until the victim pays a ransom to unlock it. To create the illusion that they were a regular data theft group, Stigall and the GRU team made some of the stolen data available for purchase on the Internet.
In reality, Whispergate destroyed data so thoroughly that it was impossible to recover, including core operating software, which, if destroyed, would render the entire device or system unusable.
According to the Justice Department, Stigall conspired with a GRU team to infect critical Ukrainian systems with Whispergate and other destructive malware in January 2022 as a prelude to the Russian invasion that began the following month.
The goals of the Whispergate attack were to steal information from Ukrainian systems, cripple critical infrastructure, and instill fear among the Ukrainian people. Stigall and his GRU co-conspirators hacked Ukrainian websites with messages like, “Ukrainians! All information about you is now public. Be afraid and prepare for the worst. This is what will happen to you, your past, your present, and your future!”
Deputy Attorney General Matthew G. Olsen said Thursday that the Whispergate attack “emblems an abhorrent disregard for innocent civilians as Russia wages its unjust aggression.”
Other U.S. officials noted that the Russian malware spread so quickly, without any checks or controls from GRU officials, that it became an electronic pandemic that infects systems far beyond Ukraine's borders.
Russia also deliberately attacked U.S. and European computer systems, including federal systems in the state of Maryland, as part of battlefield preparations for an invasion of Ukraine.
One of the charges against Stigal and other GRU officials is that they conspired to distribute cyber weapons using the services of a U.S.-based company. According to prosecutors, Stigal In preparation In the 2020 attack, he created multiple accounts at an unnamed U.S. company that provides messaging and voicemail services and submitted them as evidence of the attack, after which he uploaded hundreds of files to these accounts, including the dangerous Whispergate virus.
“The FBI, along with our law enforcement partners and allies, will continue to relentlessly pursue and counter these threats. This cyberwarfare will not be tolerated. The scope of Russian crimes cannot be ignored.” I swore FBI Special Agent Bill Delvagno said at a press conference Thursday.
It wasn't immediately clear what the fate of the Russian hackers might be, as they all appear to be safely out of reach of U.S. law enforcement: The State Department has offered a $10 million bounty for information leading to their arrest.
“They are being targeted. We know who they are. There is a bounty on them and we will pursue them relentlessly. The message to the GRU and Russia is clear: we are coming after you,” Olsen said.
Ivan Karabashkin, deputy head of the cybersecurity department of the Ukrainian intelligence agency SBU, praised the indictment while speaking at a cybersecurity forum in Washington on Thursday. He said Ukraine was enduring 10 to 15 Russian cyberattacks a day.
