The US charges a Russian civilian for allegedly assisting GRU spies in targeting Ukrainian government systems with data-destroying malware

The Department of Justice has charged a Russian civilian, Amin Stigal, with conspiracy to destroy Ukrainian government computer systems as part of a broader hacking effort by Russia prior to its illegal invasion of Ukraine. According to U.S. prosecutors in Maryland, Stigal, 22, is wanted for his role in setting up servers used by Russian government hackers to launch destructive cyberattacks on Ukrainian government ministries in January 2022, just a month before Russia’s invasion.

The cyberattack campaign, known as “WhisperGate,” utilized wiper malware that posed as ransomware but irreversibly scrambled data on infected devices. Prosecutors stated that these attacks aimed to create concern among Ukrainian civil society regarding the safety of their government’s systems.

Stigal is also accused of aiding hackers from Russia’s military intelligence unit, the GRU, in targeting Ukraine’s allies, including the United States. The unsealed indictment reveals that Stigal allegedly used cryptocurrency to pay for and set up servers from an unnamed U.S.-based company. These servers enabled GRU hackers to carry out cyberattacks on Ukrainian government systems, resulting in the destruction of data.

The Russian hackers reportedly stole vast amounts of data during these cyberattacks, including citizens’ health records, criminal records, and motor insurance data from Ukrainian government databases. This stolen data was later advertised for sale on cybercrime forums.

Additionally, U.S. prosecutors claim that the Russian hackers targeted an unnamed U.S. government agency based in Maryland dozens of times between 2021 and 2022, prior to the invasion. This allowed prosecutors in Maryland to take jurisdiction over the case and charge Stigal.