5 Russian military hackers plotted to spread malware to Ukraine through a US company, new charges say
The hackers also tried to target a federal agency based in Maryland, the Justice Department alleges.
The Justice Department said five cyber warriors affiliated with Russia’s military intelligence directorate conspired to deploy an insidious malware program on Ukrainian computers using the infrastructure of a U.S.-based firm, according to charges unsealed Thursday.
The allegations are tacked onto a U.S. indictment made in June against a 22-year-old Russian hacker, who was accused of colluding with operatives in Russia’s GRU to stage cyberattacks into the Ukrainian systems through infrastructure of a U.S.-based company. The firm remains unnamed in the updated allegations.
In January 2022, weeks before Russia invaded Ukraine, the GRU military hackers launched destructive “WhisperGate” malware against Ukrainian government networks — programmed to steal data off computers and wipe their entire contents — rendering them inoperable without the ability to recover the lost information, the indictment alleges.
As seen in the initial June charges, the U.S. also claims that, between August 2021 and February 2022, the defendants used the same computer infrastructure from their Ukraine attacks to target an unnamed federal agency in Maryland, employing tactics similar to those used against Ukrainian government networks.
The indictments were accompanied by an international cross-government advisory warning of the operatives, who are tied to Unit 29155 of the GRU. The Russian unit, known for its foreign assassination activities and other work aimed at destabilizing European governments, has expanded its cyber grasp, targeting U.S. infrastructure and some 26 NATO members around the world, the alert says. The group only became publicly known in 2019.
The WhisperGate malware is particularly powerful because it’s disguised to look like ransomware, but targeted victims still lose their data, even if a ransom is paid. It’s repeatedly popped up in reports on Russia-backed cybercriminals that have sought to use the malicious tool to target Ukrainian assets and infrastructure of its nearby allies.
The accusation comes a day after the U.S. unveiled sweeping sanctions, charges and other moves to deter a sustained Russian disinformation campaign targeting voters ahead of the November presidential election.