The US federal authorities are offering a $10 million reward for help in finding a Russian hacker accused of supporting the invasion of Ukraine in 2022. He carried out attacks on Ukraine’s state computer systems, posing as an ordinary cybercriminal, but in fact cooperating with Russian military intelligence.
Amin Timovich Stigal attacked important, non-military Ukrainian government computer systems before the invasion; published citizen data in an attempt to sow doubt in the government; and later harassed countries that supported Ukraine, including the United States. This is stated in a federal indictment filed in Maryland, where he attempted to attack a U.S. government facility.
The Chechnya-born hacker launched a malware system known as WhisperGate, which was meant to look like a common ransomware attack. Federal prosecutors say WhisperGate is actually a «cyber weapon» designed to delete victims’ data and disable targeted computers. Stigal, 22, managed the system for the Main Directorate of the General Staff (GRU).
It is noted that Stigal and his unnamed GRU co-conspirators attacked some of the most used Ukrainian government services several months before the invasion in February 2022.
The attacks hit at least two dozen protected computers, including those in the Ministry of Foreign Affairs, the Treasury, the Judicial Administration, the Ministry of Agrarian Policy and Food of Ukraine, the Ministry of Energy and the State Emergency Service, the indictment says.
The WhisperGate malware was disguised to look like the work of ordinary cybercriminals, not Russian government agencies. The WhisperGate activity was accompanied by messages demanding a ransom of $10 thousand in bitcoins for the recovery of stolen data. But the real goal of the hackers was to delete the data and disable government computers.
The GRU hackers also targeted Ukrainian citizens directly, stealing data from 13.5 million users of the government’s Digital Services Portal «Diia». The data was subsequently posted on the darknet, according to court documents.
A few weeks before the Russian invasion, they posted a message on the «Actions» website:
«Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future».
According to the indictment, Stigal and his co-conspirators concealed their ties to the Russian government by using false identities, making false statements, and using a network of computers around the world, including the United States. They financed their activities with bitcoin.
According to the indictment, Stigal and his WhisperGate co-conspirators began attacking countries that supported Ukraine after the invasion, including the United States. The attackers targeted the transportation infrastructure of an unnamed Central European country that plays an important role in delivering aid to Ukraine and a US government agency based in Maryland.
Spelling error report
The following text will be sent to our editors: