US accuses Russian of helping Kremlin hack Ukraine’s state computer systems

Avatar

A 22-year-old Russian national is facing charges in the U.S. for allegedly helping Moscow’s military intelligence to hack into Ukraine’s computer systems prior to Russia’s invasion, and later targeting Kyiv’s allies, including the U.S.

According to the Department of Justice, Russian citizen Amin Stigal used malware known as WhisperGate to help Russia’s military intelligence, the GRU, to attack and destroy dozens of Ukrainian government entities’ computer systems in advance of the Russian invasion in 2022. Stigal remains at large. 

WhisperGate is a wiper masquerading as ransomware, which has some similarities to the NotPetya wiper that attacked Ukrainian businesses in 2017. WhisperGate was used by Russia-linked hackers to hit multiple Ukrainian government computers and websites in January 2022. 

“WhisperGate was actually a cyberweapon designed to completely destroy the target computer and related data,” an indictment said.

During the attack on Ukrainian targets, hackers compromised several of the targeted Ukrainian computer systems, exfiltrated sensitive data, including patient health records, and defaced the websites. They also offered the hacked data for sale on the internet.

“The effort was aimed at sowing concern among the broader Ukrainian population regarding the safety of government systems and data,” the Justice Department said. 

The same hackers were also allegedly responsible for an attack on “the transportation infrastructure of a Central European country that was supporting Ukraine.” They also probed computers belonging to a federal government agency in Maryland, according to the indictment.

If convicted, Stigal could face a maximum penalty of five years in prison.

“The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity,” said U.S. Attorney General Merrick B. Garland.

News BriefsGovernmentNation-stateNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Suspected Chinese gov’t hackers used ransomware as cover in attacks on Brazil presidency, Indian health org

Next Post

EU blames ‘clerical error’ after misattributing hacks to wrong Russian spy agency

Related Posts

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai
Avatar
Read More

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically
Avatar
Read More