Suspect in ‘WhisperGate’ Cyberattack Indicted, US Posts $10 Million Bounty

The US Department of Justice (DoJ) recently indicted a Russian national accused of orchestrating the “WhisperGate” wiper attack on Ukrainian government computers. The attack destroyed vital infrastructure systems before Russia invaded the European country.

22-year-old Amin Stigal is believed to have ties with the Russian Military Intelligence (GRU).

Suspect Used Data Wiping Malware Against Ukrainian Targets

“In advance of the full-scale Russian invasion of Ukraine, targets included Ukrainian Government systems and data with no military or defense-related roles,” reads a DoJ press release. “Later targets included computer systems in countries that were providing support to Ukraine, including the United States. Stigal remains at large.”

According to court documents, the suspect, helped by accomplices, began conspiring with Russia’s GRU in January 2022, a month prior to the full-scale invasion of Ukraine.

Multiple Sectors Impacted by WhisperGate

In that timeframe, threat actors believed to be operating from Belarus unleashed data-wiping malware in a devastating attack that came to be dubbed “WhisperGate.”

This malware strain wreaked havoc on multiple Ukrainian targets, impacting critical infrastructure networks in the military and defense, government agencies, agriculture, science, education, and emergency services sectors.

Data Wiping Campaign Disguised as Ransomware

Threat actors disguised the malicious campaign as a ransomware attack. However, according to the indictment, WhisperGate was, in fact, a “cyberweapon designed to completely destroy the target computer and related data.”

Furthermore, the perpetrators didn’t stop at merely wiping the affected computers of their vital data. They also vandalized government websites, infiltrated online systems and pilfered personal data—including medical records—of thousands of Ukrainians.

If convicted, Stigal could face up to five years in prison. The US State Department also posted a bounty of up to $10 million for information on the suspect’s location and alleged cybercrimes.