The Justice Department on Thursday charged five Russian military intelligence officials with hacking into several Ukrainian government agencies, an unnamed U.S. government agency in Maryland and computers in 26 NATO member states.
The Department of Justice announced an indictment against five members of the Main Intelligence Directorate of the Russian Armed Forces (GRU), specifically Hacking Unit 29155. The indictment names GRU Colonel Yuri Denisov, head of cyber operations, and Lieutenants Vladislav Borovkov, Denis Denisenko, Dmitry Goloshubov and Nikolai Korchagin, as well as a civilian co-conspirator, Amin Stigal, who was previously indicted for some of the same crimes.
Prosecutors allege that the six indicted were behind the WhisperGate cyberattack, which was designed to look like a ransomware attack against the Ukrainian government but was actually a destructive attack that disabled targets' computers. The Russian government is accused of launching WhisperGate to support a full-scale invasion of Ukraine in February 2022.
According to the indictment, Denisov, Denisenko, Korchagin, Goloshubov, Borovkov, and other unnamed individuals organized meetings at Cafe Chokoladnitsa in Moscow's Sofia shopping center. The indictment does not explain how the U.S. government was able to obtain information about these meetings or photos of the suspects, but it suggests that authorities gained significant access to the hackers' infrastructure.
“The message is clear: To the GRU and to Russia, we are coming after you, we have penetrated your systems, and the FBI and the Department of Justice will be pursuing you relentlessly, so you'd better pay attention to the fact that we are coming after you, we have penetrated your systems,” Matt Olsen, assistant US attorney general for national security, said at a press conference announcing the indictments.
The indictment included details of the cyber operation carried out by the six Russians, as well as a group photograph of the four lieutenants and Colonel Denisov.
GRU lieutenants Denisenko, Korchagin, Goloshubov and Borovkov (Image: Department of Justice)
The six Russians are accused of hacking several Ukrainian government and private institutions over the past few years, including the Ukrainian Ministry of Interior, Ministry of Finance, Administration of Justice, other government agencies, and state-run Ukrainian Railways.
The six allegedly hacked what the indictment describes only as transportation infrastructure in a “Central European country” around October 2022. The timing of the attack suggests it was a cyberattack on Denmark, as previously reported, which caused delays and outages across the country's rail network, according to the indictment.
At a press conference, U.S. government representatives declined to identify which Maryland-based U.S. agency Russian hackers allegedly attacked.
Also on Thursday, the FBI, US cybersecurity agency CISA, the UK's National Cyber Security Centre and government agencies in Europe, Canada and Australia released a joint cybersecurity advisory providing technical details about Unit 29155's activities.
The FBI has dubbed its international effort against the six suspected Russian hackers “Operation Toy Soldiers,” and has put up posters featuring the hackers' photos, soliciting information leading to their arrests and offering a $10 million reward for each of them.
In a post on the official X account of the Rewards for Justice bug bounty program following the indictments, the US government described the hackers as “baby-faced.”