Today, in the US District of Maryland, the US Department of Justice announced that they have indicted five GRU officers and a civilian for “conspiring to hack [the] Ukrainian Government.”
In an unsealed indictment, the five officers and civilian, who were living in Russia and allegedly working for Unit 29155 of the Russian Main Intelligence Directorate (GRU), were charged with conspiracy to commit computer intrusion and wire fraud conspiracy. The civilian individual charged was already under indictment for conspiracy to commit computer intrusion, but now has been charged with wire fraud conspiracy as well.
The alleged hacks took place prior to the Russian invasion of Ukraine and were meant to “sow concern among Ukrainian citizens regarding the safety of their government systems and personal data.” The systems included Ukrainian government systems and data unrelated to the military or defense. The DOJ alleges the targets then expanded to the United States and 25 other NATO countries, without naming any specific victims or saying whether the breach was reported to them by the victims or discovered by law enforcement agencies.
The GRU campaign, designated ‘WhisperGate’, targeted Ukrainian critical infrastructure and government systems “of no military value.” It was designed to appear as ransomware on a system, but in reality, it’s alleged to be a “cyberweapon” that is “designed to completely destroy the target computer and related data in advance of the Russian invasion of Ukraine.” The indictment also claims they had planned to “stage public releases of that data in order to embarrass a target Government and create concern among its citizens about vulnerabilities to cyberattack.”
The DOJ release stated, “Ukrainian government networks subjected to this attack included the Ukrainian Ministry of Internal Affairs, State Treasury, Judiciary Administration, State Portal for Digital Services, Ministry of Education and Science, Ministry of Agriculture, State Service for Food Safety and Consumer Protection, Ministry of Energy, Accounting Chamber for Ukraine, State Emergency Service, State Forestry Agency and Motor Insurance Bureau.”
The hackers also wrote on the compromised websites: “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present, and future.”
Several blocks of data reportedly acquired were posted for sale. Internet data for 13.5 million users from Diia.gov.ua was posted for sale for $80,000, while ransomware threats made demands for $10,000 in Bitcoin.
According to the indictment, those charged are:
- Yuriy Denisov, a colonel in the Russian military and a commanding officer of Cyber Operations for Unit 29155;
- Four lieutenants in the Russian military assigned to Unit 29155 who worked on cyber operations: Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov and Nikolay Korchagin;
- A civilian co-conspirator, Amin Stigal.
In August of 2022, the DOJ claims that the hackers also breached the transportation infrastructure of “a Central European country that was supporting Ukraine.” Then, from August 2021 to February 2022, it’s alleged they “probed” computers belonging to a federal government agency in Maryland.
During a press conference this afternoon, Special Agent in Charge William DelBagno claimed that they “probed” a federal government system in Maryland over 60 times. He then claimed that they illegally accessed bank accounts and used a US company to carry out these criminal acts.
“The six Russians in this indictment are not advanced cyber masterminds. But they are adept at exploiting vulnerabilities that countries and companies can guard against,” DelBagno stated, suggesting that critical infrastructure components in Ukraine and our own federal systems were breached utilizing novice methods.
Here we go again. “Russia, Russia, Russia Part Deux”
Our DOJ just now:
‘We know Russia broke the law by breaching our systems because we broke the law and breached their systems.’
The WhisperGate hack targeted Ukrainian non-military (weird) systems before the invasion in… pic.twitter.com/JHbw5CSFMC
— CannCon (@CannConActual) September 5, 2024
The indictment alleges that the Russians used false identities and false statements about their identities in order to avoid detection. The network of computers they used allegedly spread across the world, including in the United States, and was paid for using cryptocurrency and electronic payments.
The indictment was signed by US Attorney Erek Barron, who worked for then-Senator Joe Biden from 2007-2009. In April 2019, Barron was one of two Maryland lawmakers to first endorse Joe Biden for President. He would be appointed to the US Attorney’s position in September 2021.
Earlier this week, The Gateway Pundit reported on the narrative-deployment from Politico that a voter registration database developed for New Hampshire was contracted through a company, the only one available, that outsourced their coding. After a forensic examination, it was discovered the software was “misconfigured” to connect to Russian servers. It also, reportedly, had the Ukrainian national anthem hard-coded into the software.