BALTIMORE (AP) — The U.S. Justice Department has widened its indictment of Russians in the so-called “WhisperGate” malware attack aimed at destroying computer systems in Ukraine and 26 NATO allies including the United States.
A superseding indictment announced Thursday names five Russian military intelligence officers in a conspiracy to demoralize the Ukrainian people on the eve of Russia’s full-scale invasion of Ukraine.
One federal official said the “WhisperGate” malware attack in January 2022 could be considered Russia’s first shot in the war. The cyberattacks penetrated U.S. companies and targeted Ukraine’s civilian infrastructure and computer systems unrelated to defense, including the judiciary, emergency services, food safety and education, they said.
“Seeking to sap the morale of the Ukrainian public, the defendants also stole and leaked the personal data of thousands of Ukrainian civilians, including by posting patient health information and other sensitive private data for sale online and then taunting those victims,” said Matthew Olsen, assistant attorney general for national security.
The attacks weren’t limited to Ukraine, Olsen said at a news conference in Baltimore with Maryland U.S. Attorney Erek Barron.
“They targeted computers around the world and used the computer infrastructures of an unwitting U.S.-based company to conduct the WhisperGate attacks,” Olsen said. “They went on to target computer systems in other nations supporting Ukraine in its fight for survival. Ultimately, their targets included computer systems in 26 NATO partners, including the United States.”
Prosecutors said the group is accused of hacking into computers belonging to a federal government agency in Maryland in August 2022.
A federal grand jury in Baltimore indicted military intelligence officers Vladislav Borovkov, Denis Denisenko, Yuriy Denisov, Dmitriy Goloshubov and Nikolay Korchagin along with Amin Timovich Stigal, a 22-year-old Russian civilian indicted in June. It accuses them of conspiring to gain unauthorized access to computers associated with the governments of Ukraine and its allies. The U.S. government is offering a combined $60 million in rewards for help leading to the suspects’ locations or malicious cyberactivity.
“This type of cyber warfare will not be tolerated. The scope of Russia’s crimes cannot be ignored,” said William J. DelBagno, special agent in charge of the FBI’s Baltimore field office.
The U.S. investigation, Operation Toy Soldier, found the accused committed fraud in the U.S. by illegally accessing bank accounts and using a U.S. company to unwittingly carry out their crimes, DelBagno said.
“Adding insult to injury these individuals not only used tools to scan for vulnerabilities 63 times on a Maryland U.S.-based government agency, but they also scanned our allies throughout the world, including Ukrainian servers and servers in various other countries,” Barron said.
The FBI and government partners in other countries are issuing a joint cybersecurity advisory that details how the attacks were carried out and what can be done to prevent them, officials said.
Countering Russia’s cyber threat demands constant efforts, they said. In January, the Justice Department also disrupted a botnet controlled by Russian military intelligence that officials say was used to enable crimes and espionage, and in May, officials announced charges against the alleged developer of a prolific ransomware variant known as LockBit.
Correction: This story has been updated to correct the spelling of Yuriy Denisov’s, Nikolay Korchagin’s and Dmitriy Goloshubov’s first names.