Hacker Responsible For Wiper Malware Identified

A Russian was charged with conspiring to hack and destroy computer systems and data in Ukraine and allied countries including the United States, the US Justice Department (DoJ) announced June, offering a  $10 million reward for information.

Amin Timovich Stigal, a 22-year-old Russian national has been indicted in Maryland, US for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022.

He apparently hacked into and destroying the Ukrainian government’s computer systems and data ahead of the Russian invasion in February 2022.

Defendant is Still at Large

Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). He remains at large and if convicted, he faces a maximum penalty of five years in prison.

“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyber attacks targeting the Ukrainian government and later targeting its allies, including the United States.” said Attorney General Merrick B. Garland.

“The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity,” the US Justice Dept said in a statement on their website.

“Amin Timovich Stigal attempted to leverage malware to aid the Russian military in the invasion of Ukraine,” said FBI Deputy Director Paul Abbate.

“Today’s indictment demonstrates the FBI’s unwavering commitment to combat malicious cyber activities by our adversaries, and we will continue to work with our international partners to thwart attempts to undermine and harm our allies.”

WhisperGate Cyber-Attack

According to court documents, Stigal was involved in a January 2022 malicious campaign led by the Russian Military Intelligence (GRU).

The attacks entailed the use of a wiper malware codenamed WhisperGate that hacked government, non-profit, and information technology entities in Ukraine. The attacks were first recorded around mid-January 2022.

"The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Microsoft said at the time. The tech giant is tracking the cluster under its weather-themed moniker Cadet Blizzard.

According to court documents, Stigal et al are said to have used an unnamed US-based company's services to distribute WhisperGate and exfiltrate sensitive data, including patient health records.

In addition, they defaced the websites and put up the stolen information for sale on cyber crime forums in an apparent effort to sow concern among the broader Ukrainian population regarding the safety of government systems and data.

"From August 5, 2021, through February 3, 2022, the conspirators leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks," the Justice Department (DoJ) said.

The Hacker News     |     U.S. Dept of Justice     |     Reuters     |     National Cyber Security Centre  |  

Infosecurity     |     Cyberscoop     |     The Record

Image:  Leestat

You Might Also Read:

Stronger Civilian Cyber Defences In Ukraine:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Taiwan Targeted In Espionage Campaign
A Brief History Of Cyber Crime »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Deep Identity

Deep Identity

Deep Identity is a boutique system integrator, with expertise in tailored identity governance & administration (IGA) and identity access management (IAM) solutions.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

BI.ZONE

BI.ZONE

BI.ZONE creates high-tech products and solutions to protect IT infrastructures and applications, and provides services from cyber intelligence and proactive defence to cybercrime investigation.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.