The Justice Department has charged a Russian civilian with conspiring to destroy Ukrainian government computer systems as part of a broader Russian hacking effort that preceded Russia's unlawful invasion of Ukraine.
Maryland prosecutors said Wednesday they were looking for Amin Stygal, 22, on charges of helping set up a server used by Russian government hackers to launch a devastating cyberattack on Ukrainian government ministries in January 2022, a month before the Kremlin ordered tanks and troops to cross the Ukrainian border.
The cyberattack campaign known as “WhisperGate” masqueraded as ransomware but relied on so-called wiper malware, which intentionally and irreversibly scrambled data on infected devices. Prosecutors said the cyberattack was designed to sow concerns among Ukrainian civil society about the security of government systems.
According to the indictment against him unsealed Wednesday, he is also accused of helping hackers operating in Russia's military intelligence unit (GRU) to target Ukraine's allies, including the United States.
According to the unsealed indictment, Stegal allegedly used cryptocurrency to pay for and install servers for an unnamed U.S. company, which led to Russian GRU hackers targeting the Ukrainian government with data-destroying malware. A cyber attack could be launched.
According to the indictment, Russian hackers allegedly stole a ton of data from Ukrainian government systems during a cyberattack, including citizen health data, criminal records, and car insurance data. The hackers later advertised the data for sale on a known cybercrime forum.
U.S. prosecutors said Russian hackers targeted unnamed U.S. government agencies in Maryland dozens of times between 2021 and 2022 before the invasion, allowing prosecutors there to have jurisdiction over the case and charge Steagall.
In late October 2022, Russian hackers used the same servers installed by Stigal to target the transport sector of an unnamed Central European country. U.S. prosecutors say it provided civilian and military assistance to Ukraine after the invasion. This incident coincides with a cyberattack that occurred in Denmark in October 2022, which caused widespread outages and delays across the Danish rail network.
The U.S. government said it was offering a $10 million reward for information leading to the whereabouts or capture of Stiegal, who is believed to be in Russia.
Steagall could face up to five years in prison if convicted.
