$10M reward for Russian hacking mastermind who targeted Ukraine

Federal authorities are offering $10 million for help locating a Russian hacker accused of supporting the 2022 invasion of Ukraine by attacking government computers while posing as a common cybercriminal but in fact working with Russian military intelligence.

Amin Timovich Stigal attacked essential, non-military Ukrainian government computer systems before the invasion; published citizen data in an effort to sow doubt in the government; and later went after countries that supported Ukraine, including the U.S., according to a federal indictment filed this week in Maryland, where he targeted a U.S. government agency.

The Chechnya-born hacker ran a malware scheme known as “WhisperGate,” which is meant to look like a common ransomware attack. Federal prosecutors say WhisperGate is actually a “cyberweapon” designed to delete the victims’ data and render target computers inoperable.

Stigal, 22, operated the scheme for the Main Directorate of the General Staff (GRU), an infamous military intelligence agency created under former Soviet dictator Joseph Stalin. 

“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine,” said Attorney General Merrick B. Garland in a press release. “The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity.”

The Russian operative remains at large. If convicted, he faces up to five years in prison. He is listed among the FBI’s Most Wanted cybercriminals.

'putinkrab':Feds launch hunt, offer $10 million reward for Russian ransomware mastermind

Attacks on Ukraine

Stigal and his unnamed GRU co-conspirators targeted some of the most-used Ukrainian government services in the months leading up to the invasion in February 2022.

The attacks hit at least two dozen protected computers, including at the Ukrainian Ministry of International Affairs, Treasury, Judiciary Administration, Agriculture, Ministry of Energy and State Emergency Service, the indictment says. 

WhisperGate cyber hits were disguised to look like the work of a common cybercriminal, not statecraft, and were accompanied by messages demanding $10,000 in Bitcoin to recover stolen data. 

But the hackers' real goal was to delete the data and render the state computers inoperable.

GRU hackers aimed directly at Ukrainian citizens as well, stealing the data of 13.5 million users of the government’s Portal for Digital Services (DIIA), an essential website for accessing government services and IDs, and listing it for sale on the darknet, court filings say.

They displayed messages on the DIIA website weeks ahead of the invasion that read, “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”

Stigal and his co-conspirators hid their connections to the Russian government by using false identities, making false statements and using a network of computers around the world, including the U.S., according to the indictment. They funded their operations using Bitcoin.

Stigal began working with the GRU in December 2020, the indictment says.

More:Multiple people, including a priest, killed in attacks in Russian Republic, officials say

Other attacks

Stigal and his WhisperGate co-conspirators began attacking countries supporting Ukraine following the invasion, including the U.S., according to the indictment. 

The group went after the transportation infrastructure of an unnamed Central European country instrumental in delivering aid to Ukraine and a Maryland-based U.S. government agency.

Baltimore FBI agents investigating did not respond to questions about what government agency the group targeted. 

Stigal and the hackers probed public-facing agency websites 63 times, according to the agency.