The Department of Justice has charged a Russian civilian with conspiring to destroy Ukrainian government computer systems as part of a larger hacking operation ahead of Russia's illegal invasion of Ukraine.
U.S. prosecutors in Maryland announced Wednesday that Amin Stigall, 22, is wanted for allegedly helping set up a server that Russian government hackers used to launch a destructive cyberattack against Ukrainian government ministries in January 2022, a month before the Russian government ordered tanks and troops to cross the Ukrainian border.
The cyber campaign, known as “Whispergate,” used so-called wiper malware that deliberately and irreversibly encrypts data on infected devices while masquerading as ransomware. Prosecutors said the cyberattack was designed to “sow fears” in Ukrainian civilian society about the security of government systems.
According to the indictment against Stigall unsealed on Wednesday, Stigall is also accused of aiding hackers working for Russia's military intelligence unit, or GRU, to target Ukrainian allies, including the United States.
According to the unsealed indictment, Stigall allegedly used cryptocurrency to purchase and set up servers at anonymous U.S.-based companies that allowed Russian GRU hackers to launch cyber attacks targeting the Ukrainian government using data-destruction malware.
According to the indictment, Russian hackers stole large amounts of data from Ukrainian government systems during the cyberattack, including citizens' health data, criminal records and auto insurance data, which they then offered for sale on cybercrime forums.
U.S. prosecutors say Russian hackers targeted unnamed U.S. government agencies based in Maryland dozens of times between 2021 and 2022 before the intrusion, and prosecutors in that district have jurisdiction and are seeking to prosecute Stigall.
Later in October 2022, Russian hackers used the same server set up by Stigall to target the transportation sector of a central European country that U.S. prosecutors said transported civilians and military personnel following the invasion of Ukraine. The incident coincides with the timing of an October 2022 cyberattack that caused widespread power outages and delays on Denmark's rail network at the time.
The US government has offered a $10 million reward for information leading to the location or arrest of Stigall, who remains at large and is believed to be in Russia.
Stigall faces up to five years in prison if convicted.