U.S. Widens Indictment of Russians in 'WhisperGate' Conspiracy to Destroy Ukrainian, NATO Systems

The attacks in January 2022 could be considered Russia's first shot in the war.

A photo of Russian suspects wanted by the FBI involved in a conspiracy to commit criminal cyber activities against Ukrainian government systems is displayed during a press conference at the Office of the United States Attorney in Baltimore, Thursday, Sept. 5, 2024.
A photo of Russian suspects wanted by the FBI involved in a conspiracy to commit criminal cyber activities against Ukrainian government systems is displayed during a press conference at the Office of the United States Attorney in Baltimore, Thursday, Sept. 5, 2024.
AP Photo/Stephanie Scarbrough

BALTIMORE (AP) — The U.S. Justice Department has widened its indictment of Russians in the so-called WhisperGate malware attacks aimed at destroying computer systems in Ukraine and 26 NATO allies including the United States.

A superseding indictment announced last Thursday names five Russian military intelligence officers in a conspiracy to demoralize the Ukrainian people on the eve of Russia's full-scale invasion of Ukraine.

The WhisperGate attacks in January 2022 could be considered Russia's first shot in the war, said William DelBagno, special agent in charge of the FBI's Baltimore field office. The cyberattacks penetrated U.S. companies and targeted Ukraine's civilian infrastructure and computer systems unrelated to defense, including the judiciary, emergency services, food safety and education, officials said.

"Seeking to sap the morale of the Ukrainian public, the defendants also stole and leaked the personal data of thousands of Ukrainian civilians, including by posting patient health information and other sensitive private data for sale online and then taunting those victims," said Matthew Olsen, assistant attorney general for national security.

The attacks weren't limited to Ukraine, Olsen said at the news conference in Baltimore, which also included Maryland U.S. Attorney Erek Barron.

Olsen said. "They went on to target computer systems in other nations supporting Ukraine in its fight for survival. Ultimately, their targets included computer systems in 26 NATO partners, including the United States."

A federal grand jury in Baltimore indicted military intelligence officers Vladislav Borovkov, Denis Denisenko, Yury Denisov, Dmitry Goloshubov and Nikolai Korchagin along with Amin Timovich Stigal, a 22-year-old Russian civilian indicted in June. It accuses them of conspiring to gain unauthorized access to computers associated with the governments of Ukraine and its allies.

Combined, the U.S. government is offering $60 million in rewards for help leading to their locations or malicious cyberactivity. All six are most likely in Russia, but federal officials said the indictment is useful anyway, to prevent them from traveling and to show that the U.S. has exposed their conspiracy.

The U.S. investigation, Operation Toy Soldier, found the accused committed fraud in the U.S. by illegally accessing bank accounts and using a U.S. company to unwittingly carry out their crimes, DelBagno said.

"Adding insult to injury these individuals not only used tools to scan for vulnerabilities 63 times on a Maryland U.S.-based government agency, but they also scanned our allies throughout the world, including Ukrainian servers and servers in various other countries," Barron said.

The FBI and government partners in other countries are issuing a joint cybersecurity advisory that details how the attacks were carried out and what can be done to prevent them, officials said.

Countering Russia's cyber threat demands constant efforts, they said. In January, the Justice Department also disrupted a botnet controlled by Russian military intelligence that officials say was used to enable crimes and espionage, and in May, officials announced charges against the alleged developer of a prolific ransomware variant known as LockBit.

Other Russia-related prosecutions announced last week include indictments unsealed last Wednesday charging two employees of RT, a Russia state media company, with covertly funneling millions of dollars to a Tennessee-based content creation firm that paid social media influencers to publish videos in line with Russia's interests, such as on topics like the war with Ukraine.

DelBagno said the indictments are the result of years of collaboration with partners and law enforcement in Europe.

"To the Russian criminals, the world is watching," DelBagno said. "You do not carry out misdeeds in the dark. We are united in identifying, prosecuting and protecting against future crimes."

In another move targeting Russia, the State Department imposed sanctions against two Russian companies and two ships they own that export liquefied natural gas from a previously sanctioned Russian energy project in the Arctic. The department alleged that the companies were using profits from the natural gas exports to fund Russia's war in Ukraine.

The department said it was designating the Gotik Energy Shipping Co. and the Plio Energy Cargo Shipping Co. along with their ships LNG New Energy and LNG Mulan for "supporting Russia's war effort and attempting to expand Russia's global energy leverage." The sanctions freeze any assets the companies may have in U.S. jurisdictions and bar Americans from doing business with them.

More in Cybersecurity