A 22-year-old Russian national, Amin Timovich Stigal, has been indicted by a US grand jury for launching WisperGate malware attacks against the Ukrainian government before Russia’s invasion. The US Department of Justice (DoJ) revealed that Stigal collaborated with the Russian military’s cyber intelligence branch, the GRU, in these destructive operations.
On Tuesday, a federal grand jury in Maryland issued the indictment against Stigal, who remains at large. Concurrently, the US Department of State’s Rewards for Justice program has offered up to $10 million for information regarding Stigal’s whereabouts or cyber activities.
The DoJ stated that Stigal and GRU members initiated their cyber offensive on January 13, 2022, targeting Ukrainian government systems over a month before the full-scale invasion on February 24. The attacks used WisperGate malware, which mimics ransomware but is designed to incapacitate systems and destroy data. This malware campaign, similar to the infamous NotPetya attack in 2017, led to the defacement of 70 Ukrainian government websites, spreading fear among the population.
“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States.” said Attorney General Merrick B. Garland.
Microsoft Threat Intelligence researchers discovered the coordinated WisperGate campaign in May 2022. The malware attack extended to systems in countries supporting Ukraine, including the United States. Assistant Attorney General Matthew G. Olsen emphasized the DoJ’s dedication to thwarting such malicious actions and holding cybercriminals accountable.
Stigal and his conspirators allegedly used a US-based company to distribute WisperGate, targeting key Ukrainian government networks. These pre-invasion attacks affected ministries such as Education, Agriculture, Energy, and Sports, as well as the transportation infrastructure of a Central European ally of Ukraine.
In a related development, Stigal’s father, Tim Vakhaevich Stigal, is also wanted by the US government for criminal hacking offenses. Tim Vakhaevich, 43, is accused of conspiring to traffic stolen payment card information from US corporations between 2014 and 2016. The father and son duo reportedly have multiple aliases, with the elder Stigal threatening to disclose personal data if ransoms were not paid.
US Attorney Erek L. Barron for the District of Maryland pledged to utilize all available technologies and investigative measures to disrupt and apprehend cybercriminals like Stigal, who could face up to five years in prison if convicted.