Russian Hackers Indicted by U.S. Grand Jury for Cyber Attacks
In a significant development, a Maryland grand jury has indicted six Russian hackers, all nationals of the Russian Federation, on charges of conspiracy to commit computer intrusion and wire fraud conspiracy. Among the accused, five are officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency. The sixth individual, a civilian, was already under indictment for conspiracy to commit computer intrusion and now faces additional charges of wire fraud conspiracy.
Note: View the indictment here.
The GRU officers have been identified as Yuriy Denisov [Юрий Денисов], a colonel and commanding officer of Cyber Operations for Unit 29155; Vladislav Borovkov [Владислав Боровков], Denis Denisenko [Денис Денисенко], Dmitriy Goloshubov [Дима Голошубов], and Nikolay Korchagin [Николай Корчагин], all lieutenants assigned to cyber operations. The civilian co-conspirator is Amin Sitgal [Амин Стигал].
The indictment alleges that the defendants orchestrated a series of cyber attacks targeting Ukrainian government systems and other international entities supporting Ukraine. The primary objective was to exfiltrate data, leak sensitive information, and destroy computer systems to instill fear among Ukrainian citizens about the security of their government systems and personal data.
Note: Concurrent with the return of the indictment, the U.S. Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on any of the defendants’ locations or their malicious cyberactivity. Anyone possessing such information should contact Rewards for Justice here.
Targets of the attacks included non-military Ukrainian government systems, and later expanded to include computer systems in the United States and 25 other NATO countries. Assistant Attorney General Matthew G. Olsen of the National Security Division remarked, “The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia’s abhorrent disregard for innocent civilians as it wages its unjust invasion.” He emphasized the Justice Department’s commitment to disrupting such malicious cyber activities.
FBI Deputy Director Paul Abbate reiterated the agency’s dedication to countering these threats, stating, “The FBI and its international partners are relentless in our commitment to thwarting GRU attacks across the globe and bringing to justice those responsible for these criminal acts.”
Deputy Assistant Secretary for Threat Investigations and Analysis Paul Houston from the U.S. Department of State’s Diplomatic Security Service (DSS) highlighted the ongoing rewards program, noting, “Since July 2021, the U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service (DSS), has offered a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in certain malicious cyber activities against U.S. critical infrastructure.”
U.S. Attorney Erek L. Barron for the District of Maryland emphasized the importance of the indictment, stating, “Today’s superseding indictment underscores our commitment to using all the tools at our disposal to pursue those who would do us and our allies around the world harm.”
Special Agent in Charge William J. DelBagno of the FBI Baltimore Field Office added, “Through strokes on a keyboard, the accused criminals used computers to cross into countries, hunting for weaknesses and seeking to harm. The FBI and our law enforcement partners, both national and international, will collectively defend against Russia’s aggressive and illegal actions.”
Court documents reveal that on Jan. 13, 2022, the defendants used a U.S.-based company’s services to distribute malware known as “WhisperGate” to Ukrainian government entities’ computer systems. WhisperGate was designed to destroy target computers and data ahead of the Russian invasion of Ukraine. The malware targeted numerous Ukrainian government departments, including the Ministry of Internal Affairs, State Treasury, and Ministry of Education and Science, among others.
In addition to these attacks, the defendants exfiltrated sensitive data and defaced websites with threatening messages. The U.S. government had previously condemned these cyber activities in May 2022, attributing them to the Russian military.
The indictment also covers the defendants’ hacking of the transportation infrastructure of a Central European country supporting Ukraine in October 2022. Additionally, from August 2021 to February 2022, the defendants probed computer systems of 26 NATO member countries and a federal government agency in Maryland.
This indictment forms part of Operation Toy Soldier, an international effort to combat malicious cyber activities by Unit 29155 of the GRU. The FBI and 12 other partners released a Joint Cybersecurity Advisory to bolster network defenses against these threats.
The FBI Baltimore Field Office, with assistance from the Milwaukee and Boston Field Offices, is investigating the case. Assistant U.S. Attorneys Aaron S.J. Zelinsky and Robert I. Goldaris for the District of Maryland are leading the prosecution, supported by the National Security Division’s National Security Cyber Section.
