- 1 year ago
U.S. Charges Russian Military Officers for Cyberattacks Ahead of Ukraine Invasion
In a major development, the United States has indicted five Russian military officers, accusing them of launching cyberattacks on civilian infrastructure in Ukraine. These attacks are believed to have taken place in the lead-up to Russia’s invasion, underscoring the growing role of cyber warfare in modern conflicts.
► Subscribe to Headlinecast for the latest video updates. It's free! - https://www.youtube.com/@Headline-Cast
► More Videos - https://youtube.com/@Headline-Cast?sub_confirmation=1
►Visit our Website - https://www.headlinecast.com
Follow ET on:
► Website - https://headlinecast.com
► Facebook - https://facebook.com/headlinecast
► X - https://x.com/HeadlineCast
► Medium - https://medium.com/@HeadlineCast
► Instagram - https://instagram.com/headlinecast
► linkedin - https://www.linkedin.com/in/headlinecast/
► READ MORE ABOUT THIS VIDEO -
Assistant Attorney General Matthew Olsen revealed that the individuals charged were part of Russia’s GRU military intelligence agency. Their campaign, known as WhisperGate, allegedly targeted critical systems in Ukraine, including financial institutions, emergency services, healthcare, and even schools. According to Olsen, these attacks had no connection to military operations, marking a deliberate effort to undermine Ukraine’s civilian infrastructure.
But it didn’t stop there. The FBI has also tied the WhisperGate campaign to broader attacks on NATO countries and the United States, which have been backing Ukraine in the ongoing conflict. FBI special agent William DelBagno described the malware attack in January 2022 as “the first shot of the war,” aimed at paralyzing Ukraine’s government and infrastructure.
Interestingly, the U.S. has also charged a Russian civilian, 22-year-old Amin Timovich Stigal, in connection with these cyberattacks. Stigal, along with the five Russian military officers, remains at large. The U.S. government has put out a $60 million reward for any information that leads to their capture.
What Is WhisperGate?
WhisperGate is far more dangerous than your standard ransomware attack. While it’s designed to appear as a ransomware operation, it’s actually a cyberweapon with the sole purpose of destroying its target. WhisperGate infiltrated government computers in Ukraine, stealing sensitive data, defacing websites, and sowing fear among the population. One message on defaced websites ominously read: “Ukrainians! All information about you has become public, be afraid and expect the worst.” To make matters worse, the stolen data was even offered for sale online.
The Broader Threat
The indicted GRU officers were members of Unit 29155, a notorious subset of Russia’s military intelligence agency. This unit is infamous for carrying out “dirty tricks” around the world, including covert operations and cyber sabotage. The indictment named Colonel Yuriy Denisov
In a major development, the United States has indicted five Russian military officers, accusing them of launching cyberattacks on civilian infrastructure in Ukraine. These attacks are believed to have taken place in the lead-up to Russia’s invasion, underscoring the growing role of cyber warfare in modern conflicts.
► Subscribe to Headlinecast for the latest video updates. It's free! - https://www.youtube.com/@Headline-Cast
► More Videos - https://youtube.com/@Headline-Cast?sub_confirmation=1
►Visit our Website - https://www.headlinecast.com
Follow ET on:
► Website - https://headlinecast.com
► Facebook - https://facebook.com/headlinecast
► X - https://x.com/HeadlineCast
► Medium - https://medium.com/@HeadlineCast
► Instagram - https://instagram.com/headlinecast
► linkedin - https://www.linkedin.com/in/headlinecast/
► READ MORE ABOUT THIS VIDEO -
Assistant Attorney General Matthew Olsen revealed that the individuals charged were part of Russia’s GRU military intelligence agency. Their campaign, known as WhisperGate, allegedly targeted critical systems in Ukraine, including financial institutions, emergency services, healthcare, and even schools. According to Olsen, these attacks had no connection to military operations, marking a deliberate effort to undermine Ukraine’s civilian infrastructure.
But it didn’t stop there. The FBI has also tied the WhisperGate campaign to broader attacks on NATO countries and the United States, which have been backing Ukraine in the ongoing conflict. FBI special agent William DelBagno described the malware attack in January 2022 as “the first shot of the war,” aimed at paralyzing Ukraine’s government and infrastructure.
Interestingly, the U.S. has also charged a Russian civilian, 22-year-old Amin Timovich Stigal, in connection with these cyberattacks. Stigal, along with the five Russian military officers, remains at large. The U.S. government has put out a $60 million reward for any information that leads to their capture.
What Is WhisperGate?
WhisperGate is far more dangerous than your standard ransomware attack. While it’s designed to appear as a ransomware operation, it’s actually a cyberweapon with the sole purpose of destroying its target. WhisperGate infiltrated government computers in Ukraine, stealing sensitive data, defacing websites, and sowing fear among the population. One message on defaced websites ominously read: “Ukrainians! All information about you has become public, be afraid and expect the worst.” To make matters worse, the stolen data was even offered for sale online.
The Broader Threat
The indicted GRU officers were members of Unit 29155, a notorious subset of Russia’s military intelligence agency. This unit is infamous for carrying out “dirty tricks” around the world, including covert operations and cyber sabotage. The indictment named Colonel Yuriy Denisov
Category
🗞
NewsTranscript
00:00The United States has charged five Russian military officers for allegedly conducting cyber attacks on Ukraine's civilian infrastructure before the Russian invasion.
00:19Good afternoon and thank you for joining us this afternoon.
00:22My name is Matt Olson. I'm the Assistant Attorney General for National Security at the Department of Justice.
00:27I am joined today by the United States Attorney for the District of Maryland, Eric Barron, and Special Agent in Charge, William Dobano, of the FBI Baltimore Field Office.
00:38Today we are announcing a superseding indictment against five officers of the Russian military intelligence agency known as the GRU,
00:48as well as one civilian Russian cyber criminal for their campaign to conduct cyber intrusions.
00:56This superseding indictment adds to charges made public in June against the Russian civilian, Amin Stigov.
01:05These defendants are responsible for carrying out the series of destructive computer attacks that are commonly referred to as the Whispergate campaign.
01:15This campaign targeted computers in Ukraine shortly before Russia's invasion of Ukraine in February of 2022.
01:25More generally, the indictment alleges conspiracies related to cyber intrusions targeting victims in the United States, Ukraine, and elsewhere.
01:35The Whispergate campaign included the targeting of civilian infrastructure and Ukrainian computer systems wholly unrelated to the military or national defense.
01:47That included government agencies responsible for emergency services in Ukraine, the judiciary, food safety, and education.
01:54Seeking to sap the morale of the Ukrainian public, the defendants also stole and leaked the personal data of thousands of Ukrainian civilians,
02:05including by posting patient health information and other sensitive private data for sale online and then taunting those victims.
02:16They attempted to cover their tracks by pretending to be criminals engaged in ransomware attacks,
02:21leaving behind ransom notes demanding Bitcoin payments to return data from victim systems,
02:27data the perpetrators knew had already been destroyed and could not be recovered.
02:33And Stigov's involvement illustrates the Russian government's continued willingness to provide a haven for cyber criminals
02:41in exchange for such criminals being, quote, on call to provide support and deniability for its military and intelligence services.
02:49These conspirators did not limit their activities to Ukraine.
02:53They targeted computers around the world and used computer infrastructures of an unwitting U.S.-based company to conduct the Whispergate attacks.
03:04They went on to target computer systems in other nations, supporting Ukraine in its fight for survival.
03:11Ultimately, their targets included computer systems in 26 NATO partners, including the United States.
03:19Before I turn this over to the U.S. Attorney to discuss the case in a bit more detail,
03:24I will note that we are announcing today's charges alongside the concurrent actions of several of our partners.
03:31The United States Department of State is offering a reward of up to $10 million for information on the defendants.
03:38Over a dozen of our domestic and foreign partners have issued a joint cybersecurity advisory regarding this group's activities.
03:47And Estonia has announced criminal charges against several individuals involved in the same hacking activity,
03:53including two of the same defendants charged here today.
03:56The Department of Justice stands united with our partners and our allies in supporting the Ukrainian people in the wake of Russia's invasion of their country.
04:06The National Security Division, which I lead, will continue to use all of our tools,
04:11including our private and international partnerships, in order to identify individuals,
04:16take down the infrastructure, and expose the techniques that prop up the Russian government
04:22and that it uses to carry out its malicious and destabilizing activities.
04:27When it comes to countering Russia's cyber-enabled malicious activities,
04:31National Security Division prosecutors are operating as a force multiplier,
04:35along with prosecutors and agents throughout the country.
04:39Since Russia's invasion, we have conducted multiple court-authorized takedowns of the GRUs and other Russian botnets and malware networks.
04:49For example, this includes the April 2022 Cyclops Blink operation to remove GRU malware from infected devices,
04:58successfully dismantling the GRU botnet and remediating thousands of infected devices,
05:04which Russia could have deployed against Ukraine and its allies.
05:08In May of 2023, the Department executed the court-authorized removal of the FSB's Snake malware
05:16from hundreds of computer systems in at least 50 countries, undermining the FSB's global espionage program.
05:23And just a few months ago, NSD's National Security Cyber Section spearheaded the court-authorized takedown
05:29of a network of hundreds of compromised routers that the GRU had set up as a successor to Cyclops Blink.
05:36Even as our cyber adversaries evolve and adjust their tactics, we are taking action to counter them every step of the way.
05:44We are also bringing this proactive posture to disrupting cyber-enabled foreign malign influence operations.
05:51Just yesterday, the Attorney General announced the Department's Doppelganger takedown.
05:56That operation seized 32 Internet domains used by the Russian government and its proxies
06:01to impersonate legitimate U.S. and foreign media organizations and to perpetrate a covert campaign
06:07to interfere in the 2024 presidential election.
06:12This followed an action a few months ago to take down an AI-enhanced bot farm
06:17that Russian intelligence was also using to disseminate information and sow discord in the U.S. and elsewhere.
06:24So today I want to thank the U.S. Attorney, U.S. Attorney Barron,
06:27and the prosecutors in the U.S. Attorney's Office for the District of Maryland,
06:31and the FBI's Baltimore Field Office, the Milwaukee Field Office, and the Boston Field Office.
06:36Their dedication and partnership in disrupting this malicious activity
06:40illustrates the Department's commitment to addressing national security and cyber security threats with action.
06:47And with that, let me turn it over to the U.S. Attorney.
06:54Good afternoon.
06:56Thank you, Assistant Attorney General Olson.
07:00My name is Eric Barron.
07:01I serve as the United States Attorney for the District of Maryland.
07:05Today we are demonstrating our commitment to protecting national security by any legal means necessary
07:12with the unsealing of an indictment against five Russian military officers and one Russian national
07:20for their global malicious cyber operations around the world.
07:25On August 7th, the grand jury sitting in Baltimore, Maryland, issued a superseding indictment
07:31charging these six individuals with conspiracy to commit computer intrusion and wire fraud conspiracy.
07:38This indictment follows a June 25th indictment that charged Amin Stegall, a Russian national,
07:44with conspiracy to commit computer intrusion related to the Whispergate attacks on the Ukraine and elsewhere in 2022.
07:54The indictment alleges that these officers are a subset of Unit 29155 of the Russian Main Intelligence Directorate,
08:03a military intelligence agency responsible for attempted deadly dirty tricks around the world,
08:10including committing cyber operations beginning in at least 2020.
08:15The indictment alleges that these individuals used U.S.-based companies as their infrastructure,
08:21but adding insult to injury, these individuals not only used tools to scan for vulnerability 63 times
08:30on a Maryland U.S.-based government agency, but they also scanned our allies throughout the world,
08:36including Ukrainian servers and servers in various other countries.
08:42Then they used the Whispergate malware, deploying destructive computer intrusions against Ukraine and other allies.
08:51These compromised systems have no military-related role, including agriculture, education, science, emergency services,
09:02and they stole sensitive data, as you've heard, including health records.
09:07So we are acting because if you violate our laws, we will seek accountability.
09:12The public needs to know about the threat posed by cyber criminals,
09:16and these criminals need to know that their actions will not be ignored.
09:21We're accepting any and all information that protects the lives and furthers our national security interests.
09:27Rewards for Justice is a State Department program that now maintains a $10 million award related to each of these individuals.
09:37I want to thank the National Security Division and the FBI's Baltimore field office for its consistent and outstanding partnership.
09:45And I want to thank the FBI's Milwaukee and Boston field offices for their support,
09:51along with many of our international law enforcement partners.
09:55I also want to thank our team here at the United States Attorney's Office for the District of Maryland,
10:01including our Criminal Division Chief Alicia Washington and Assistant United States Attorneys Aaron Zielinski and Bobby Goldaris.
10:12Next, you'll hear from FBI Special Agent in Charge Bill Delbagno.
10:24Good afternoon.
10:26Thank you, U.S. Attorney Barron, for hosting us today.
10:30We thank you and Assistant Attorney General Olson for the collaboration, expertise, and hard work that brought us here.
10:39I'm Bill Delbagno.
10:40I'm the Special Agent in Charge of the FBI's Baltimore field office.
10:45Today is about partnerships, commitment, and accountability.
10:51We are here, yes, to announce this indictment, but we're also equally here to highlight the international coordination
10:59and robust partnerships with our allies around the world.
11:06This type of cyber warfare will not be tolerated.
11:10The scope of Russia's crimes cannot be ignored.
11:15Ukraine, the United States, and 26 NATO countries were all targeted by this group of Russian military.
11:23We are aligned in our unified response, and we will collectively defend against Russia's aggressive and illegal actions.
11:34The FBI and our partners call this investigation Operation Toy Soldier.
11:40Through strokes on a keyboard, these criminals crossed over borders into countries hunting to find weaknesses and seeking to harm.
11:52The Whispergate malware attack in January of 2022 could be considered the first shot of the war.
12:00The cyber criminals sent a message with their malware telling Ukrainians to, quote, be afraid and expect the worst.
12:09A month later, Russia physically invaded the country.
12:14These six criminals aimed to cripple Ukraine's government and critical infrastructure by targeting their finances, agriculture,
12:24emergency services, healthcare, and schools.
12:29These same criminals are accused of repeatedly targeting U.S. computer networks, including a government agency here in Maryland,
12:38scanning it more than 60 times for vulnerabilities.
12:41They committed fraud in the U.S. by illegally accessing bank accounts and using U.S. company to carry out their criminal acts.
12:50The FBI, along with our law enforcement partners and allies, will relentlessly hunt down and counter these threats.
13:01We have worked closely to thwart additional targeting by this group.
13:06The six Russians in this indictment are not advanced cyber masterminds,
13:13but are adept at exploiting vulnerabilities that countries and companies can guard against with simple steps.
13:21In conjunction with this indictment, the FBI and more than a dozen government partners and countries are issuing a joint cyber security advisory.
13:33It details exactly how these malicious cyber criminals carried out this attack and what can be done to prevent it.
13:43This indictment is the result of years of collaborating with our partners in dozens of different countries and law enforcement in Europe.
13:53We thank each of them for their diligence and dedication that led to today.
14:00As you've heard, there's a combined $60 million reward for information on these criminals' locations and their cyber crimes.
14:08To the Russian criminals, the world is watching.
14:13You do not carry out misdeeds in the dark.
14:16We are united in identifying, prosecuting, and protecting against future crimes.
14:25And I'll now open it up for questions.
14:27And if you have questions that are directed to any one of us, please let us know.
14:32If you could just state your name and your outlet account before you ask your question, that would be great.
14:39Just with Fox45, I have two questions.
14:42The first one, you just said $60 million. Is it $20 million for each of them?
14:46That's correct, yes.
14:48Do you have any reason to believe that they are in the country or out of the country?
14:52Do you know where they could be?
14:55They're not to believe to be in the country.
14:57There are steps that are going to be taken, though, in order to bring this indictment to fruition.
15:05And we will partner with Interpol in order to serve red notices and ensure that if they are in a location that can be affected, that we'll take those on.
15:17Do you have any idea which country they are in?
15:20These are Russian military, and I'll leave it at that.
15:27But to say that wherever they are, the important thing is that we are working with all our partners, our NATO partners,
15:35to protect against this type of action, but also to have the impact that we want to have on this indictment.
15:45Can you say which U.S. companies or agencies have their computer systems in this case?
15:52No, we wouldn't cover any victims in this announcement.
15:59It's important that we maintain their privacy in that.
16:04You said that the U.S. government agency located them and tried to get through 63 times.
16:15Were they able to get any information, or was it stopped?
16:19Was that part of how you sort of figured out who these folks were?
16:24Not necessarily getting into the investigative side,
16:27but scanning for vulnerabilities to try to identify ways to get into those companies or agencies is a manner in which overseas adversaries attempt to compromise the U.S.
16:45And what we do is we partner very closely with all our partner agencies and with all our partner countries in order to protect against those type of vulnerabilities.
16:57And in the Joint Cyber Security Advisory, those steps are laid out as to how to best handle those type of vulnerabilities,
17:09but also the potential for those type of scannings as well.
17:13And you said that Ukrainians have their personal information taken or stolen.
17:18Do you have any reason to believe that Americans might be affected by this, the average citizen?
17:25I don't have reason to believe that.
17:27As you mentioned, this malware attack, Whispergate attack on the Ukrainians,
17:36while it was meant to pose as a ransomware that was meant to make them believe that they could recover their data, was in fact just destroying the computers.
17:49It was taking the data and erasing it, making those computers inoperable.
17:56They did extract that information from the Ukrainians, and that presents vulnerabilities.
18:06And that's why this is important for all of us to include, from Maryland to Americans across the U.S. to our NATO allies,
18:16to understand that these vulnerabilities need to be protected and that the potential of your personal information is the job of the FBI and our partners to help protect that.
18:36Jeff Hager with WMAR-TV.
18:39If these weren't really cyber masterminds, even if you scooped up all six and paid the reward,
18:46what's to keep Russia from just pushing another six people into their place and filling that void?
18:51What keeps Russia from doing this?
18:56Well, part of the indictment is also to impose risk and consequences to the actions that are being taken.
19:03And really, if there's a message that could also be delivered, it's to those that would potentially backfill those individuals.
19:10This isn't a place where they should seek to use their skills.
19:17It's not a place that we want them to be employed and they should consider elsewhere,
19:26because this indictment, while it goes to Interpol, as I mentioned, if nothing else,
19:32landlocks these individuals into Russia, where they may be, or has them looking over their shoulders at any given time.
19:42So perhaps those that are considering this as a future employment or ways to have their cyber skill set, perhaps it discourages them from doing that.
19:55If I may, to answer your question, and I totally agree with the special agent in charge as to why we bring this case and why we bring cases like this.
20:07First and foremost, it is to hold these individuals accountable.
20:11As Bill said, they are marked people now.
20:15We know who they are, there's a reward on their head, and we're going to pursue them relentlessly.
20:20So that's reason one. Reason two is to expose the techniques they've used.
20:24Because when we put these techniques and tools that they've used into our indictment,
20:28and we say we're going to back this up with evidence in a courtroom,
20:31that shows not only the Russians, but it shows our private sector partners on how to protect themselves.
20:38And then finally, the message is clear to the GRU and to the Russians.
20:42We are on to you. We penetrated your systems.
20:45The FBI, the Department of Justice will be relentless in pursuing you.
20:49And so you better pay attention to the fact that we have gotten to you and we are in your system.
20:55So that sends a very strong deterrent message, and we've seen that message take hold in other cases like this.
21:01So that's why we bring these cases.
21:03I have a question. I'm Kate Amara from WBAL-TV from the Can't Hurt to Ask file.
21:09I know you said you didn't want to talk specifically about this,
21:12but the sheer number of federal agencies in our state begs the question,
21:17should people be worried that their Social Security information, health information,
21:22we have Walter Reed, we have NIH, we have the FDA, and yes, we have the NSA.
21:27Should people be worried that their private information was part of this?
21:33And my second question, the private company that unknowingly had their servers used,
21:40did they report it to the feds or did you tell that company that they were being used?
21:46And what's the lesson there for every other company out there?
21:50I'm going to turn it over to the U.S. Attorney on the specifics of the case.
21:55I will just say before I do so that every federal agency, every private sector entity,
22:01is at some risk in this current environment where cybersecurity just has to be a paramount concern.
22:08And that's why we work so hard to be good partners to the private sector
22:12in understanding the threats they face, sharing threat information with them,
22:16and again, when we have a case like this, bringing the case to bring the perpetrators to justice.
22:24Sure, just to follow up, and we can't get into investigative techniques,
22:29I can stay within the four corners of the indictment
22:33and tell you that there were dozens of scans for vulnerabilities
22:42through this Maryland-based U.S. government agency and others throughout the world.
22:48It's something that our partners, our private sector partners, the public in general should know.
22:57Whether or not personally identifiable information was exposed, that's not a part of this indictment.
23:04But certainly, as a general matter, the message here is prevention and intervention.
23:10And the message by this announcement is that there are many cybercriminals out there,
23:17some sponsored by states, some state and country-sponsored cybercriminals
23:23who are out to expose and get at either a government or a company's information
23:31or our own individual information, and so that we should all be very vigilant
23:37in taking the necessary steps, recommended steps, best practices, so to speak, to protect our information.
23:46And quickly, are you able to say which came first?
23:50Did the private company alert you, or did you alert them that they were being scanned?
23:54Right. Again, that's kind of outside the indictment and part of our investigation.
24:00But again, part of this announcement is that that is one way that we as law enforcement
24:07are able to connect the dots, so to speak, in an investigation
24:11when we have those public-private sector partnerships.
24:14We need businesses out there, companies out there to report when things happen.
24:21We need them to be vigilant about their cybersecurity infrastructure
24:26and collaborate with us and with one another.
24:30And that way, we can gather evidence and bring an indictment such as this.
24:36Thanks, everybody. If you didn't get to ask a question, you can refer it to me in the comments.
24:40Thanks for watching.
24:41Thanks, everybody.
24:42Visit our website, HeadlineCast.com, and please subscribe our YouTube channel.
24:46Hit the bell icon for exclusive update news.
24:50Also follow our Facebook page, Instagram, and Twitter.
Be the first to comment