US accuses Russian national of helping deploy malware on Ukrainian government computers


The alleged hacker used U.S. computer infrastructure to distribute the infamous “WhisperGate” malware into Ukrainian systems.

The United States accused a Russian national of working with the Kremlin’s military intelligence directorate and using infrastructure of a U.S. firm to deploy an insidious malware program against Ukrainian government computer systems ahead of Russia’s 2022 invasion of the country.

The alleged hacker, Amin Timovich Stigal, is accused of colluding with operatives in Russia’s GRU to stage cyberattacks against Ukrainian systems through the infrastructure of an unnamed U.S.-based company. Stigal remains at large, and the Justice Department is offering up to $10 million for information leading to his arrest.

The 22-year-old “conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States,” Attorney General Merrick Garland said in a statement announcing the charges.

The conspirators in mid-January 2022 attacked several Ukrainian government sites, including its Ministry of International Affairs, State Treasury, Judiciary Administration and State Portal for Digital Services, using destructive “WhisperGate” malware that steals data off of computers and wipes their entire contents, making them inoperable without the ability to recover the lost information.

Between August 2021 and February 2022, they allegedly used the same infrastructure to “probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks,” DOJ said. The targeted agency was not named.

The WhisperGate malware is particularly insidious because it’s disguised to look like ransomware, but targeted victims still lose their data, even if a ransom is paid. It has repeatedly popped up in reports on Russia-affiliated cybercriminals that have sought to use it to target Ukrainian assets, as well as NATO infrastructure.

“Cyber intrusion schemes such as the one alleged threaten our national security, and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminals,” U.S. Attorney Erek L. Barron for the District of Maryland said in a statement.