Russian National Charged For Conspiring With Russian Military Intelligence To Destroy Ukrainian Government Computer Systems And Data

Press Release

Defendant is Alleged to have Assisted with an Attack in Advance of Russia's February 2022 Invasion of Ukraine

Greenbelt,Maryland - A federal grand jury in Maryland yesterday returned an indictment charging Amin Timovich Stigal [Амин Тимович Стигал], age 22, a Russian citizen, with conspiracy to hack into and destroy computer systems and data. In advance of the full-scale Russian invasion of Ukraine, targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries that were providing support to Ukraine, including the United States. Stigal remains at large.

The indictment was announced by Erek L. Barron, U.S. Attorney for the District of Maryland, Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division, and Special Agent in Charge William J. DelBagno of the Federal Bureau of Investigation, Baltimore Field Office.

"Malicious cyber actors who attack our allies should know that we will pursue them to the full extent of the law" said U.S. Attorney Barron. "Cyber intrusion schemes such as the one alleged threaten our national security, and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminals."

"As alleged, the defendant conspired with Russian military intelligence on the eve of Russia's unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States." said Attorney General Merrick B. Garland. "The Justice Department will continue to stand with Ukraine on every front in its fight against Russia's war of aggression, including by holding accountable those who support Russia's malicious cyber activity."

"The indictment of Amin Stigal is yet another example of the FBI's commitment to combating cyber threats both at home and internationally," said Special Agent in Charge William J. DelBagno of the FBI's Baltimore Field Office. "To those adversaries who seek to compromise our international partners' systems, know you will be identified and you will face consequences for your actions. The FBI vows to continually pursue justice and disrupt malicious cyber actors."

The indictment alleges that in January 2022, Stigal and members of the Main Intelligence Directorate of the General Staff ("GRU") of the Russian Federation (the "Conspirators") conspired to use a U.S.-based company's services to distribute malware known in the cybersecurity community as "WhisperGate" to dozens of Ukrainian government entities' computer systems and destroy those systems and related data in advance of the Russian invasion of Ukraine. The United States government previously joined with allies and partners in May 2022 [https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/] to attribute this cyber attack to the Russian military and to condemn the attack and similar destructive cyber activities against Ukraine.

As alleged in the indictment, on January 13, 2022, the Conspirators attacked multiple Ukrainian government networks, including the Ukrainian Ministry of International Affairs, the State Treasury, the Judiciary Administration, the State Portal for Digital Services, the Ministry of Education and Science, the Ministry of Agriculture, the State Service for Food Safety and Consumer Protection, the Ministry of Energy, the Accounting Chamber for Ukraine, the State Emergency Service, the State Forestry Agency, and the Motor Insurance Bureau. The Conspirators infected computers on these and other networks with malware called WhisperGate, which was designed to look like ransomware. However, as the indictment alleges, WhisperGate was actually a cyberweapon designed to completely destroy the target computer and related data.

In conjunction with these attacks, the Conspirators compromised several of the targeted Ukrainian computer systems, exfiltrated sensitive data, including patient health records, and defaced the websites to read: "Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future." That same day, the Conspirators offered the hacked data for sale on the internet. The effort was aimed at sowing concern among the broader Ukrainian population regarding the safety of government systems and data.

In August 2022, the Conspirators also hacked the transportation infrastructure of a Central European country that was supporting Ukraine. The indictment further alleges that from August 5, 2021, through February 3, 2022, the Conspirators leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks.

Concurrent with the return of the indictment, the U.S. Department of State's Rewards for Justice program is offering a reward of up to $10 million for information on Stigal's location or his malicious cyberactivity. Anyone possessing such information should contact Rewards for Justice here.

An indictment is not a finding of guilt. An individual charged by indictment is presumed innocent unless and until proven guilty at some later criminal proceedings. If convicted, Stigal faces a maximum sentence of 5 years in federal prison. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.

U.S. Attorney Barron and Assistant Attorney General Matthew G. Olsen commended the FBI's Baltimore Field Office for its outstanding work and thanked the FBI's Milwaukee and Boston Field Offices for their support in the case. Assistant U.S. Attorneys Aaron S.J. Zelinsky and Robert I. Goldaris for the District of Maryland are prosecuting the case, with valuable assistance from the National Security Division's National Security Cyber Section.

For more information on the Maryland U.S. Attorney's Office, its priorities, and resources available to help the community, please visit www.justice.gov/usao-md and https://www.justice.gov/usao-md/community-outreach.

# # #

Contact

Updated June 26, 2024