
Five Russian GRU Officers and One Civilian Charged for Conspiring to Hack Ukrainian Government

Defendants are alleged to have committed cyber attacks in advance of Russia’s invasion of Ukraine, and also targeted 26 North Atlantic Treaty Organization countries.

September 6, 2024

“In an indictment unsealed today, a grand jury in Maryland charged six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia), with conspiracy to commit computer intrusion and wire fraud conspiracy. Five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. The sixth individual was a civilian already under indictment for conspiracy to commit computer intrusion and is now also charged with wire fraud conspiracy.”

Note: Concurrent with the return of the indictment, the U.S. Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on any of the defendants’ locations or their malicious cyberactivity. Anyone possessing such information should contact Rewards for Justice here.

“The indictment alleges that these GRU hackers and their co-conspirator engaged in a conspiracy to hack into, exfiltrate data from, leak information obtained from and destroy computer systems associated with the Ukrainian Government in advance of the Russian invasion of Ukraine. The defendants did so in order to sow concern among Ukrainian citizens regarding the safety of their government systems and personal data. The defendants’ targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries around the world that were providing support to Ukraine, including the United States and 25 other North Atlantic Treaty Organization (NATO) countries.”

“The defendants charged in the indictment are: Yuriy Denisov [Юрий Денисов], a colonel in the Russian military and a commanding officer of Cyber Operations for Unit 29155; four lieutenants in the Russian military assigned to Unit 29155 who worked on cyber operations: Vladislav Borovkov [Владислав Боровков], Denis Denisenko [Денис Денисенко], Dmitriy Goloshubov [Дима Голошубов] and Nikolay Korchagin [Николай Корчагин]; and a civilian co-conspirator, Amin Stigal [Амин Стигал].”

“According to court documents, on Jan. 13, 2022, the defendants conspired to use a U.S.-based company’s services to distribute malware known in the cybersecurity community as ‘WhisperGate,’ which was designed to look like ransomware, to dozens of Ukrainian government entities’ computer systems. However, as the indictment alleges, WhisperGate was actually a cyberweapon designed to completely destroy the target computer and related data in advance of the Russian invasion of Ukraine. Ukrainian government networks subjected to this attack included the Ukrainian Ministry of Internal Affairs, State Treasury, Judiciary Administration, State Portal for Digital Services, Ministry of Education and Science, Ministry of Agriculture, State Service for Food Safety and Consumer Protection, Ministry of Energy, Accounting Chamber for Ukraine, State Emergency Service, State Forestry Agency and Motor Insurance Bureau.”

“In conjunction with these attacks, the defendants compromised several of the targeted Ukrainian computer systems, exfiltrated sensitive data, including patient health records, and defaced the websites to read: ‘Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.’ That same day, the defendants offered the hacked data for sale on the internet.”

“The U.S. government previously joined with allies and partners in May 2022 to attribute this cyber-attack to the Russian military and to condemn the attack and similar destructive cyber activities against Ukraine.”

“In August 2022, the defendants also hacked the transportation infrastructure of a Central European country that was supporting Ukraine. Beginning in August 2021, the defendants also probed a variety of protected computer systems including those associated with 26 NATO member countries, searching for potential vulnerabilities. The indictment further alleges that from Aug. 5, 2021, to Feb. 3, 2022, the defendants leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks.” (Source: US Department of Justice)
