Science and TechData Privacy and Cybersecurity

Actions

US charges 6 Russians for cyberattacks on NATO countries that support Ukraine, including US

The Department of Justice is offering a reward of up to $10 million for information on the hackers, five of whom were GRU officers and the other a civilian.
Coding on a computer monitor.
Posted

A group of Russian hackers attacked computer systems associated with the Ukrainian government and 26 of its NATO allies — including the U.S. — with the intent of advancing Russia's invasion of the war-torn country, federal prosecutors announced Thursday.

The Department of Justice unsealed a superseding indictment charging five Russian military intelligence service, or GRU, officers and one civilian with conspiracy to commit computer intrusion and wire-fraud conspiracy. The U.S. is now offering $10 million for information on their whereabouts or cyber campaign.

The grand jury's indictment alleges the hackers used a malware known as "WhisperGate" to destroy and leak data — including patient health records — from Ukrainian computer systems that had no relation to military or defense. The DOJ says this was done to "sow concern among Ukrainian citizens regarding the safety of their government systems and personal data." The defendants then targeted computer systems in the United States and 25 other NATO countries that provide support to Ukraine.

RELATED STORY | Right-wing influencers linked to Russian influence operation

"The GRU's WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia's abhorrent disregard for innocent civilians as it wages its unjust invasion," said Assistant Attorney General Matthew G. Olsen of the National Security Division.

Court documents allege that on Jan. 13, 2022, the hackers used a U.S.-based company's services to distribute WhisperGate, which is designed to destroy a computer and its data once it's in the system, on various Ukrainian government networks, including the Ukrainian Ministry of Internal Affairs, State Treasury, Judiciary Administration, State Portal for Digital Services, Ministry of Education and Science, Ministry of Agriculture, State Service for Food Safety and Consumer Protection, Ministry of Energy, Accounting Chamber for Ukraine, State Emergency Service, State Forestry Agency and Motor Insurance Bureau.

After compromising some of the targeted systems, the indictment says the hackers "defaced" their websites to read, "Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future." And later that day, the defendants allegedly put the hacked data for sale online.

The indictment also says the hackers searched for "potential vulnerabilities" within various protected computer systems of 26 NATO countries starting in Aug. 2021. From then until Feb. 3, 2022, federal prosecutors say the hackers used the same attack method to probe federal government computer systems in Maryland 63 times. And in Aug. 2022, the DOJ alleges the defendants hacked the transportation infrastructure of a central European country that was supporting Ukraine in the war.

RELATED STORY | Ukraine's foreign minister resigns as part of Zelenskyy's wartime reshuffle

"Through strokes on a keyboard, the accused criminals used computers to cross into countries, hunting for weaknesses and seeking to harm," said Special Agent in Charge William J. DelBagno of the FBI Baltimore Field Office. "The FBI and our law enforcement partners, both national and international, will collectively defend against Russia's aggressive and illegal actions. We are united in identifying, prosecuting and protecting against future crimes and vow to relentlessly hunt down and counter these threats."

In a press conference Thursday, Olsen said the DOJ was bringing the case forward to hold the hackers accountable and deter any other Russian individuals in cyber activity from "backfilling" the six indicted hackers' roles.

"There are marked people now. We know who they are. There's a reward on their head, and we're going to pursue them relentlessly," Olsen said. "The message is clear to the GRU and to the Russians: We are onto you. We have penetrated your systems. The FBI, the Department of Justice will be relentless in pursuing you, and so you better pay attention to the fact that we have gotten to you, and we are in your systems."

The defendants charged in the superseding indictment are Russian GRU members Yuriy Denisov, Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov and Nikolay Korchagin and civilian Amin Sitgal.