US Charges Russian Officers for Allegedly Hacking Ukrainian Infrastructure Right Before Invasion

A Maryland grand jury charged five Russian hackers, who are officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), alongside a civilian who’s already been charged with conspiracy to commit computer intrusion.

The six hackers have been charged for their alleged direct roles in the attacks against Ukrainian targets right before the Russian invasion. Later, they also allegedly went after NATO targets.

“The defendants’ targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries around the world that were providing support to Ukraine, including the United States and 25 other North Atlantic Treaty Organization (NATO) countries,” reads the recently unsealed indictment.

The indictment says the hackers’ plan included using the services of a US-based company to distribute malware known in the cybersecurity community as “WhisperGate.” What made this particular malware stand out was the fact that it was made to resemble a ransomware attack, when in truth it was designed to only destroy data and infrastructure.

“WhisperGate was actually a cyberweapon designed to completely destroy the target computer and related data in advance of the Russian invasion of Ukraine,” the indictment states.

“Ukrainian government networks subjected to this attack included the Ukrainian Ministry of Internal Affairs, State Treasury, Judiciary Administration, State Portal for Digital Services, Ministry of Education and Science, Ministry of Agriculture, State Service for Food Safety and Consumer Protection, Ministry of Energy, Accounting Chamber for Ukraine, State Emergency Service, State Forestry Agency and Motor Insurance Bureau.”

The attackers didn’t limit themselves to these official institutions. They also went after hospitals and various organizations, exfiltrating sensitive data, including patient health records, according to the indictment. They even defaced some websites, leaving the same message everywhere: “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”

The authorities also explained that this indictment is part of an international effort, Operation Toy Soldier, to combat the malicious cyber activity by Unit 29155 of the GRU. Finding these hackers is a difficult task, especially since they are Russian nationals, but the US Department of State’s Rewards for Justice is offering a reward of up to $10 million for information on any of the defendants’ locations.