US offers $10 million for information on indicted WhisperGate malware suspect
A federal grand jury in Maryland returned an indictment charging a Russian citizen with conspiracy to hack into and destroy computer systems and data. If convicted, he faces a maximum penalty of five years in prison.
The U.S. Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on his location or his malicious cyberactivity.
In advance of the full-scale Russian invasion of Ukraine, targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries that were providing support to Ukraine, including the United States.
According to court documents, in Jan. 2022, members of the Main Intelligence Directorate of the General Staff (GRU) of the Russian Federation (the Conspirators) conspired to use a U.S.-based company’s services to distribute malware, known in the cybersecurity community as WhisperGate, to dozens of Ukrainian government entities’ computer systems and to destroy those systems and related data in advance of the Russian invasion of Ukraine.
On Jan. 13, 2022, the Conspirators attacked multiple Ukrainian government networks, including the Ukrainian Ministry of International Affairs, the State Treasury, the Judiciary Administration, the State Portal for Digital Services, the Ministry of Education and Science, the Ministry of Agriculture, the State Service for Food Safety and Consumer Protection, the Ministry of Energy, the Accounting Chamber for Ukraine, the State Emergency Service, the State Forestry Agency, and the Motor Insurance Bureau.
The Conspirators infected computers on these networks with malware called WhisperGate, designed to look like ransomware. However, as the indictment alleges, WhisperGate was a cyberweapon designed to destroy the target computer and related data completely.
In conjunction with these attacks, the Conspirators compromised several of the targeted Ukrainian computer systems, exfiltrated sensitive data, including patient health records, and defaced the websites to read: “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.” That same day, the Conspirators offered the hacked data for sale on the internet. The effort was aimed at sowing concern among the broader Ukrainian population regarding the safety of government systems and data.
In August 2022, the Conspirators also hacked the transportation infrastructure of a Central European country that was supporting Ukraine. The indictment further alleges that from Aug. 5, 2021, through Feb. 3, 2022, the Conspirators leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks.