US warns Russian hackers: ‘We are on your trail’
The United States has charged five Russian intelligence officers and a Russian civilian in connection with a major cyberattack that U.S. prosecutors have described as the opening shot in the Kremlin’s war on Ukraine.
The Justice Department unsealed the superseding indictment Thursday, accusing Russians of carrying out the January 2022 “WhisperGate” malware attack that sought to weaken Ukraine’s civilian infrastructure ahead of Russia’s invasion the following month.
“The WhisperGate campaign included targeting Ukrainian civilian infrastructure and information systems completely unrelated to the military or national defense, including government agencies responsible for Ukraine’s emergency services, the judiciary, food security, and education, in an effort to undermine the morale of the Ukrainian public,” said U.S. Assistant Attorney General Matthew Olsen.
The attack “could be considered the first shot of the war,” said FBI Special Agent Bill DelBagno, speaking alongside Olsen at a news conference in Baltimore, Maryland.
DelBagno said the WhisperGate campaign also targeted the United States and dozens of NATO allies, going so far as to infiltrate a U.S. government agency based in Maryland while simultaneously accessing U.S. bank accounts.
“The FBI, working with our law enforcement partners and allies, will relentlessly pursue and counter these threats,” he said. “This type of cyberwarfare will not be tolerated. The magnitude of Russia’s crimes cannot be ignored.”
Thursday’s indictment, the result of an FBI operation called “Toy Soldier,” builds on charges first filed in June against Amin Stigal, a 22-year-old Russian civilian accused of using malware to aid Russian intelligence services before the invasion of Ukraine.
As part of the attack, Stigal and operatives from Unit 21955 of the Main Intelligence Directorate of the Russian General Staff, or GRU, used the cyberinfrastructure of some U.S.-based companies to launch what at first appeared to be ransomware attacks but were actually designed to wipe critical data.
The new indictment names Stigal’s Russian GRU accomplices as Vladislav Borovkov, Denis Denisenko, Yuriy Denisov, Dmitriy Goloshubov and Nikolay Korchagin.
FBI officials said the GRU unit also operated under the names Cadet Blizzard, Ember Bear and Dev-0586, carrying out cyberattacks on critical infrastructure in Europe, Central America and Asia.
In addition to the new charges, U.S. officials said they would offer a reward of up to $10 million for each of the Russians named in the criminal complaint.
Authorities said they were also working with Interpol to issue notices that could help lead to the arrest of the six Russians.
“These are marked people,” Olsen said. “We know who they are. There is a bounty on their heads and we are going to hunt them relentlessly.”
“The message is clear,” he said. “To the GRU, to the Russians, we are on your trail.”
In addition to the charges, the FBI and its partners issued a cybersecurity advisory Thursday asking organizations and businesses to patch known vulnerabilities that could be exploited by GRU Unit 21955.
The Russian Embassy in Washington has not yet responded to a VOA request for comment.
At the same time, some of the United States’ allies have announced their own plans to crack down on Russian intelligence services.
Estonia said Thursday it had attributed a 2020 cyberattack to three of its ministries and requested the arrest of three members of GRU Unit 21955.
“Russia’s goal was to damage national information systems, obtain sensitive information and undermine our sense of security,” Estonian Foreign Minister Margus Tsahkna said in a statement.
“Estonia condemns any malicious activity, including cyber activity that threatens our institutions, our citizens and our security,” Tsahkna said.
The U.S. charges against Russian agents on Thursday are the latest in a series of moves by Washington to crack down on what it describes as Moscow’s malign activity.
Earlier on Thursday, the US Justice Department charged an American TV presenter from Channel One Russia and his wife with evading sanctions.
The United States on Wednesday charged two Russian nationals employed by the Kremlin-backed RT news outlet with paying nearly $10 million to a U.S.-based media company to spread pro-Russian disinformation.
The Justice Department also announced Wednesday the takedown of 32 Internet domains linked to what officials described as a separate Russian operation aimed at influencing the U.S. presidential election.
VOA United Nations correspondent Margaret Besheer contributed to this report.
USA voanews