The Justice Department has charged a Russian citizen with conspiring to destroy Ukrainian government computer systems as part of a massive hacking effort carried out by Russia ahead of its illegal invasion of Ukraine.
US prosecutors in Maryland said on Wednesday that Amin Stigall, 22, is wanted for helping set up a server used by Russian government hackers to launch devastating cyberattacks on Ukrainian government ministries in January 2022, a month before the Kremlin ordered tanks and troops to cross Ukraine’s borders.
The cyberattack campaign, known as “Whispergate,” relied on so-called wiper malware that was disguised as ransomware but deliberately and irreversibly destroyed data on infected devices. Prosecutors said the cyberattacks were designed to “create concerns” in Ukrainian civil society about the security of their government’s systems.
According to the indictment unsealed Wednesday, Stigall is also accused of helping hackers working for Russia’s military intelligence unit — known as the GRU — target Ukraine’s allies, including the United States.
According to the unsealed indictment, Stigall allegedly used cryptocurrency to pay for and set up servers at an unnamed U.S. company that allowed Russian GRU hackers to launch cyberattacks targeting the Ukrainian government with data-destroying malware.
The indictment alleges that Russian hackers stole a wealth of data from Ukrainian government systems during cyber attacks, including citizens’ health data, criminal records and motor insurance data. The hackers later advertised this data for sale on well-known cybercrime forums.
US prosecutors say Russian hackers also targeted an unnamed US government agency based in Maryland dozens of times between 2021 and 2022 before the invasion, allowing prosecutors in the district to take jurisdiction over the case and charge Stigall.
Later in October 2022, Russian hackers used the same servers set up by Stigall to target the transport sector of an unnamed Central European country that US prosecutors said had provided civilian and military support to Ukraine after the invasion. The incident coincides with the timing of an October 2022 cyberattack in Denmark, which at the time caused massive disruption and delays to the country’s railway network.
The US government said it was offering a $10 million reward for information leading to the capture or arrest of Stigall, who remains at large and is believed to be in Russia.
If convicted, Stigall could face up to five years in prison.
