The US federal authorities offer a reward of $10 million for assistance in locating a Russian hacker accused of supporting the invasion of Ukraine in 2022. He carried out attacks on the computer systems of Ukraine, posing as an ordinary cybercriminal but actually collaborating with Russian military intelligence.
Amin Timovich Stigal attacked critical, non-military Ukrainian government computer systems before the invasion; published citizens' data to sow doubt in the government; and later targeted countries supporting Ukraine, including the USA. This is stated in a federal indictment filed in Maryland, where he attempted to attack a US government facility.
The hacker, born in Chechnya, deployed malicious software known as WhisperGate, designed to appear as a typical ransomware attack. The federal prosecutor says WhisperGate is actually "cyber weapons" intended to delete victim data and disable target computers. 22-year-old Stigal oversaw the system for the Main Directorate of the General Staff (GRU).
Stigal and his unnamed accomplices from the GRU attacked some of the most used Ukrainian government services several months before the invasion in February 2022.
The attacks affected at least two dozen secure computers, including at the Ministry of Foreign Affairs, Treasury, Judicial Administration, Ministry of Agrarian Policy and Food of Ukraine, Ministry of Energy, and State Emergency Service, according to the indictment.
WhisperGate malware was disguised to appear as the work of regular cybercriminals, not Russian state entities. WhisperGate's activity was accompanied by messages demanding a ransom of $10,000 in bitcoins for data recovery. However, the hackers' real goal was to erase data and disable government computers.
The GRU hackers also targeted Ukrainian citizens directly by stealing data from 13.5 million users of the government's Digital Services Portal "Diya." The obtained data was subsequently posted on the darknet, according to court documents.
A few weeks before the Russian invasion, they posted a message on the "Diya" website:
"Ukrainians! All information about you has become public. Be afraid and expect the worst. This is for your past, present, and future."
According to the indictment, Stigal and his accomplices hid their ties to the Russian government, using fake identities, making false statements, and operating a network of computers worldwide, including in the USA. They financed their activities with bitcoins.
According to the charges, Stigal and his partners from WhisperGate began attacking countries supporting Ukraine after the invasion, including the USA. Criminals targeted the transportation infrastructure of an unnamed Central European country that plays a crucial role in delivering aid to Ukraine, as well as a US government agency based in Maryland.
Stigal started cooperating with the GRU in December 2020, according to the indictment.
Source: USA Today
- On the night of January 13-14, a hacker attack was carried out on a number of government sites. The State Special Communications noted that the attackers did not gain access to state registers storing Ukrainians' data, so users of the "Diya" application have nothing to worry about.
- Hackers put up for sale a database with personal information of millions of Ukrainian citizens and claimed it was the "Diya" service base. The Ministry of Digital Transformation called it a provocation and a continuation of the hybrid war.
Comments (0)
There are no comments for now