In an indictment unsealed today, a grand jury in Maryland charged six computer hackers, all residents and nationals of the Russian Federation, with conspiracy to commit computer intrusion and wire fraud conspiracy. Five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency. The sixth individual was a civilian already under indictment for conspiracy to commit computer intrusion and is now also charged with wire fraud conspiracy.
The U.S. Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on any of the defendants’ locations or their malicious cyber activity.
The indictment alleges that these GRU hackers and their co-conspirator engaged in a conspiracy to hack into, exfiltrate data from, leak information obtained from, and destroy computer systems associated with the Ukrainian Government ahead of the Russian invasion of Ukraine. The targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries around the world that were providing support to Ukraine, including the United States and 25 other NATO countries.
“The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia’s abhorrent disregard for innocent civilians as it wages its unjust invasion,” said Assistant Attorney General Matthew G. Olsen of the National Security Division. “Today’s indictment underscores that the Justice Department will use every available tool to disrupt this kind of malicious cyber activity and hold perpetrators accountable for indiscriminate and destructive targeting of the United States and our allies.”
“Since July 2021, the U.S. Department of State’s Rewards for Justice (RFJ) program has offered a reward of up to $10 million for information leading to the identification or location of any person who participates in certain malicious cyber activities against U.S. critical infrastructure,” said DSS Deputy Assistant Secretary for Threat Investigations and Analysis Paul Houston. “Under this reward offer, the RFJ program is seeking information leading to the location of these individuals, GRU’s malicious cyber activity or associated individuals and entities.”
“Today’s superseding indictment underscores our commitment to using all tools at our disposal to pursue those who would do us harm,” said U.S. Attorney Erek L. Barron for the District of Maryland. “Cyber intrusion schemes such as the one alleged threaten our national security, and we will use all technologies and investigative measures at our disposal to disrupt and track down these cybercriminals.”
“Through strokes on a keyboard, the accused criminals used computers to cross into countries, hunting for weaknesses and seeking to harm," said Special Agent in Charge William J. DelBagno of the FBI Baltimore Field Office. "We are united in identifying, prosecuting, and protecting against future crimes."
The defendants charged are: Yuriy Denisov [Юрий Денисов], Vladislav Borovkov [Владислав Боровков], Denis Denisenko [Денис Денисенко], Dmitriy Goloshubov [Дима Голошубов], Nikolay Korchagin [Николай Корчагин], and Amin Sitgal [Амин Стигал].
According to court documents, on Jan. 13, 2022, the defendants conspired to use a U.S.-based company’s services to distribute malware known as “WhisperGate” designed to look like ransomware but actually intended to destroy target computers ahead of Russia's invasion of Ukraine.
The defendants compromised several targeted Ukrainian computer systems, exfiltrated sensitive data including patient health records, defaced websites with threatening messages about leaked personal information, and offered hacked data for sale online.
In August 2022, they also hacked transportation infrastructure in a Central European country supporting Ukraine while probing various protected computer systems associated with 26 NATO member countries starting from August 2021.
This indictment is part of Operation Toy Soldier aimed at combating malicious cyber activity by Unit 29155. The FBI Baltimore Field Office is investigating with assistance from FBI Milwaukee and Boston Field Offices.
Assistant U.S. Attorneys Aaron S.J. Zelinsky and Robert I. Goldaris are prosecuting with assistance from the National Security Division’s National Security Cyber Section.