Federal prosecutors have added new charges against members of Russia’s military intelligence service and an alleged conspirator, accusing them of engaging in a hacking campaign to “sow concern among Ukrainian citizens” regarding their government’s cybersecurity.
A superseding indictment, filed on August 7 but unsealed on Thursday, adds five charges against members of Russia’s military intelligence service, GRU, and one Russian civilian for their alleged conspiracy to use a US-based company’s services to distribute malware, known in the cybersecurity community as “WhisperGate” and designed to look like ransomware, to dozens of Ukrainian government entities’ computer systems.
The malware was allegedly a cyberweapon designed to destroy the target computer and related data before the 2022 Russian invasion of Ukraine, according to the indictment.
The document names Vladislav Borovkov, Denis Denisenko, Yuriy Denisov, Dmitry Goloshubov, and Nikolay Korchagin as the Russian intelligence officers in the group known as Unit 29155 and Amin Timovich Stigal as the 22-year-old Russian civilian they conspired with.
According to a press release from the US Office of Public Affairs, Denisov is a colonel in the Russian military and the commanding officer of cyber operations for Unit 29155. The other four operatives are described as lieutenants assigned to the unit to work on cyber operations.
Stigal was already charged in June with conspiracy to hack into and destroy computer systems and data.
All men are still at large, with the US Department of State offering up to $10m for information about the location of the defendants or their alleged cyber campaign.
Their targets allegedly included Ukrainian government systems that were not military or defense-related, but would later add other computer systems around the world from countries providing support to Ukraine to their list, including the US and 25 other Nato countries.
As well as these attacks, the defendants are accused of compromising several Ukrainian computer systems to leak patient health records and other “sensitive data.”
They also allegedly defaced the targeted websites to read: “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future,” putting the stolen data for sale on the internet.
The superseding indictment follows the Biden administration’s seizing of 32 Russian-backed websites that prosecutors say were designed to sow disinformation and discord ahead of 2024 elections and boost Donald Trump’s campaign.
Separately, two employees of Russia’s state-controlled media network RT have been criminally charged with allegedly launching a $10m propaganda scheme that enlisted popular right-wing social media influencers.
Juhan Lepassaar, head of the European Union Agency for Cybersecurity, told the Associated Press in May that disruptive digital attacks had doubled in the EU over the months leading up to his interview with targets including election-related services.
“This is part of the Russian war of aggression, which they fight physically in Ukraine, but digitally also across Europe,” he said.
Read the full article here