A federal grand jury in the U.S. state of Maryland has returned an indictment charging a 22-year-old Russian citizen with conspiracy to hack into Ukrainian government computer systems and destroy them and their data.
The man named in the indictment, Amin Stigal, allegedly conspired with Russia’s GRU military intelligence agency and then launched cyberattacks against the Ukrainian government just before Russia’s full-scale invasion in 2022, the U.S. Justice Department said in a news release on June 26.
According to court documents, Stigal and members of the GRU conspired in January 2022 to use a U.S.-based company’s services to distribute malware to dozens of Ukrainian government entities’ computer systems and destroy them and related data stored on them in advance of the Russian invasion.
On January 13, 2022, Stigal and the GRU conspirators attacked multiple Ukrainian government agencies, the Justice Department's news release said. The list included the Ukrainian Foreign Affairs Ministry, the State Treasury, the Judiciary Administration, the Education and Science Ministry, and the Agriculture Ministry.
The conspirators infected computers on the agencies’ networks with malware called WhisperGate, which was designed to look like ransomware but was actually designed to completely destroy the targeted computer and related data.
The indictment says the cybercriminals compromised several of the targeted Ukrainian computer systems, lifted sensitive data and left this message at the websites: “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present, and future.”
The conspirators offered the hacked data for sale on the Internet in an effort aimed at sowing fear among Ukrainians regarding the safety of government systems, the Justice Department said.
If convicted, Stigal, who remains at large, faces a maximum penalty of five years in prison.
To help catch Stigal and bring him to justice, the U.S. State Department has offered a $10 million reward for information on his whereabouts or about his malicious cyberactivity.