US Warns Russian Hackers: We Are Onto You

WASHINGTON — The United States has charged five Russian intelligence officers and one Russian civilian in connection with a major cyberattack, described by U.S. prosecutors as the first shot in the Kremlin's war against Ukraine.

The Justice Department unsealed the superseding indictment Thursday, accusing the Russians of carrying out the January 2022 "WhisperGate" malware attack that sought to debilitate Ukraine's civilian infrastructure ahead of the Russian invasion the following month.

"The WhisperGate campaign included the targeting of civilian infrastructure and Ukrainian computer systems wholly unrelated to the military or national defense, that include government agencies responsible for emergency services in Ukraine, the judiciary, food safety and education, seeking to sap the morale of the Ukrainian public," said U.S. Assistant Attorney General Matthew Olsen.

The attack "could be considered the first shot of the war," said FBI Special Agent in Charge Bill DelBagno, speaking alongside Olsen during a news conference in Baltimore, Maryland.

DelBagno said the WhisperGate campaign also targeted the United States and dozens of NATO allies, going as far as to infiltrate a U.S. government agency based in Maryland while simultaneously accessing U.S. bank accounts.

"The FBI, along with our law enforcement partners and allies, will relentlessly hunt down and counter these threats," he said. "This type of cyber warfare will not be tolerated. The scope of Russia's crimes cannot be ignored."

Thursday's superseding indictment, the result of an FBI operation named “Toy Soldier,” builds on charges first filed in June against 22-year-old Russian Amin Stigal, a civilian accused of leveraging malware to aid Russian intelligence ahead of the invasion of Ukraine.

As part of the attack, Stigal and the agents with Unit 21955 of Russia's Main Intelligence Directorate of the General Staff, or GRU, used the cyberinfrastructure of some U.S.-based companies to launch what first appeared to be ransomware attacks, but which were actually designed to wipe out critical data.

The new indictment names Stigal’s Russian GRU accomplices as Vladislav Borovkov, Denis Denisenko, Yuriy Denisov, Dmitriy Goloshubov and Nikolay Korchagin.

FBI officials said the GRU unit has also operated under the names Cadet Blizzard, Ember Bear and Dev-0586, carrying out cyberattacks on critical infrastructure across Europe, Central America and Asia.

In addition to the new charges, U.S. officials said they are offering a reward of up to $10 million for each of the Russians named in the criminal complaint.

The officials said they are also working with Interpol to serve notices that could help lead to the arrest of the six Russians.

"They are marked people," Olsen said. "We know who they are. There's a reward on their head, and we're going to pursue them relentlessly."

"The message is clear," he said. "To the GRU, to the Russians, we are onto you."

In addition to the charges, the FBI and its partners on Thursday issued a cybersecurity advisory telling organizations and companies to fix known vulnerabilities that could be exploited by the GRU's Unit 21955.

The Russian Embassy in Washington has yet to respond to a VOA request for comment.

A key Ukrainian official praised the U.S. indictments and the multinational work that helped make them possible.

"This is a very vivid example of how cooperation, international joint work will and actually can facilitate in this effort to struggle with such a strong and unfortunately quite big enemy as Russia," said Ivan Kalabashkin, the deputy head of Cyber for the Security Service of Ukraine (SBU).

Kalabashkin, speaking at a cybersecurity conference in Washington Thursday, said Ukraine is suffering from between 10 and 15 major Russian cyberattacks a day, warning the threat is unlikely to diminish.

“The Russians are working very thoroughly on building their offensive [cyber] capacities,” he said. “They are teaching their students at the university, the civil universities, how to attack systems … how to attack infrastructure.”

Meanwhile, some U.S. allies announced their own plans to crack down on Russian intelligence.

Estonia on Thursday announced it has attributed a 2020 cyberattack on three of its government ministries and is seeking the arrest of three members of the GRU's Unit 21955.

"Russia's aim was to damage national computer systems, obtain sensitive information and strike a blow against our sense of security," Estonian Foreign Minister Margus Tsahkna said in a statement.

"Estonia condemns any malign activity, including cyberactivity that threatens our institutions, our citizens and our security," Tsahkna said.

Thursday's charges by the U.S. against Russian agents are the latest in a series of measures by Washington to crack down on what it describes as Moscow's malign activity.

Earlier Thursday, the U.S. Justice Department charged a U.S. television presenter for Channel One Russia and his wife with sanctions evasion.

NEW: US charges American TV presenter for Channel One #Russia & his wife in scheme to evade US sanctions
@TheJusticeDept unsealed the indictment vs 76yo Dimitri Simes & 55yo Anastasia Simes Thursday
They have a home in #Virginia but "remain at large...believed to be in Russia"

— Jeff Seldin (@jseldin) September 5, 2024

On Wednesday, the U.S. charged two Russian nationals employed by the Kremlin-backed RT media outlet with funneling almost $10 million to a U.S.-based media company to spread pro-Russian disinformation.

The Justice Department on Wednesday also announced the takedown of 32 internet domains linked to what officials described as a separate Russian operation aimed at influencing the U.S. presidential election.

VOA’s United Nations correspondent Margaret Besheer contributed to this report.