A Russian national is charged in Maryland with plotting to hack into and destroy government computer systems and data in Ukraine and the country’s allies, as well as poking around U.S. government computers.
An arrest warrant was issued Wednesday for 22-year-old Amin Timovich Stigal, who is charged with conspiracy to commit computer intrusion and damage.
The FBI in Baltimore put out a wanted notice for Stigal, who is accused of working with others to take down computer systems in Ukraine, which is fighting off an invasion by neighboring Russia.
An indictment said the attacks took place between 2021 and 2022. Stigal and others in the Main Intelligence Directorate of the General Staff of the Russian Federation (GRU) are accused of hacking into computers belonging to a federal government agency in Maryland in August 2022.
“Cyber intrusion schemes such as the one alleged threaten our national security, and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminals,” said U.S. Attorney Erek L. Barron for the District of Maryland.
Stigal and his alleged co-conspirators used a U.S.-based company to distribute malware to Ukrainian government entities’ computer systems in January 2022, a month before Russia invaded its neighbor. The malware, known as “WhisperGate,” destroyed both the systems and related data before the Russian invasion of Ukraine.
Designed to look like ransomware, “WhisperGate” is a cyberweapon that destroys a computer system. Sensitive data was targeted too, including patient health records, and some of the government entities included the Ukrainian Ministry of International Affairs, the State Treasury, the Ministry of Education and Science, the Ministry of Energy and the State Emergency Service.
At one point, according to the indictment, the alleged co-conspirators posted a ransom note on a Ukrainian computer: “Your hard drive has been corrupted. In case you want to recover all hard drives of your organization, You should pay $10K bitcoin wallet (address) and send message ... with your organization name. We will contact you with further instructions.”
The alleged co-conspirators also changed the websites on Jan. 13, 2022, to read “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.” They attempted to sell the hacked data online, prosecutors said.
Using the moniker “Free Civilian,” according to the indictment, the co-conspirators listed data for sale, including criminal records obtained from the Ukrainian government, patient health data and motor insurance information also obtained from the Ukrainian government.
The group used fake identities and lied about who they were to conceal their connections to the Russian government, according to the indictment. The group also used computers based around the world and paid for those services using cryptocurrency, another step in hiding their Russian connections, according to the indictment.
Prosecutors said the group also hacked a Central European country’s transportation infrastructure in August 2022. That country, which wasn’t named in court records, was supporting Ukraine.
The group, between August 2021 and February 2022, also used the same group of computers from the Ukraine attack to probe systems belonging to a federal government agency in Maryland 63 times in the same way they initially poked around the Ukrainian government network, the FBI said.
“To those adversaries who seek to compromise our international partners’ systems, know you will be identified, and you will face consequences for your actions,” said Special Agent in Charge William J. DelBagno of the FBI Baltimore Field Office.
Stigal, if convicted, could face a maximum penalty of five years in prison. The U.S. State Department is offering $10 million for information leading to Stigal’s arrest.