The US Department of Justice has announced charges against a Russian national for his alleged role in a series of disruptive cyberattacks against Ukraine ahead of Russia's full-scale invasion in February 2022.
The individual, Amin Timovich Stigal, is believed to be a member of Cadet Blizzard, a state-sponsored threat actor also known as DEV-0586 and Ruinous Ursa, which operates on behalf of Russia's military intelligence of Russia).
According to court documents, the 22-year-old Stigal conspired to use a US company's services to distribute WhisperGate to the systems of dozens of Ukrainian government entities.
A Master Boot Record wiper masquerading as ransomware, WhisperGate was first seen on victim systems on January 13, 2022, but the attacks had been prepared months in advance.
The US attributed the attacks to Russia in May 2022 and released indicators of compromise associated with WhisperGate and other Russian malware families used in attacks against Ukraine.
Stigal and other conspirators, according to court documents, infected multiple Ukrainian government networks with the intent to completely destroy the target computers and related data.
The attackers exfiltrated sensitive data, defaced websites, and offered the stolen information for sale on the internet, to cast doubt on the safety of Ukrainian government systems and data.
In August 2022, Stigal was allegedly involved in hacking the transportation infrastructure of a Central European country supporting Ukraine.
Between August 2021 and February 2022, the Justice Department said Stigal and members of GRU abused the services of the same US-based company to probe the systems of a federal government agency in Maryland using the same methods used in the attacks against the Ukrainian government.
Stigal remains at large, but the US is willing to pay a reward of up to $10 million for information on his whereabouts.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 27 Jun 2024 19:43:05 +0000