Hacker Responsible For Wiper Malware Identified

A Russian was charged with conspiring to hack and destroy computer systems and data in Ukraine and allied countries including the United States, the US Justice Department (DoJ) announced June, offering a  $10 million reward for information.

Amin Timovich Stigal, a 22-year-old Russian national has been indicted in Maryland, US for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022.

He apparently hacked into and destroying the Ukrainian government’s computer systems and data ahead of the Russian invasion in February 2022.

Defendant is Still at Large

Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). He remains at large and if convicted, he faces a maximum penalty of five years in prison.

“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyber attacks targeting the Ukrainian government and later targeting its allies, including the United States.” said Attorney General Merrick B. Garland.

“The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity,” the US Justice Dept said in a statement on their website.

“Amin Timovich Stigal attempted to leverage malware to aid the Russian military in the invasion of Ukraine,” said FBI Deputy Director Paul Abbate.

“Today’s indictment demonstrates the FBI’s unwavering commitment to combat malicious cyber activities by our adversaries, and we will continue to work with our international partners to thwart attempts to undermine and harm our allies.”

WhisperGate Cyber-Attack

According to court documents, Stigal was involved in a January 2022 malicious campaign led by the Russian Military Intelligence (GRU).

The attacks entailed the use of a wiper malware codenamed WhisperGate that hacked government, non-profit, and information technology entities in Ukraine. The attacks were first recorded around mid-January 2022.

"The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Microsoft said at the time. The tech giant is tracking the cluster under its weather-themed moniker Cadet Blizzard.

According to court documents, Stigal et al are said to have used an unnamed US-based company's services to distribute WhisperGate and exfiltrate sensitive data, including patient health records.

In addition, they defaced the websites and put up the stolen information for sale on cyber crime forums in an apparent effort to sow concern among the broader Ukrainian population regarding the safety of government systems and data.

"From August 5, 2021, through February 3, 2022, the conspirators leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks," the Justice Department (DoJ) said.

The Hacker News     |     U.S. Dept of Justice     |     Reuters     |     National Cyber Security Centre  |  

Infosecurity     |     Cyberscoop     |     The Record

Image:  Leestat

You Might Also Read:

Stronger Civilian Cyber Defences In Ukraine:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Taiwan Targeted In Espionage Campaign
A Brief History Of Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

softScheck

softScheck

softScheck is an IT security consultancy. Services range from pentesting and compliance testing to security auditing of software and IT infrastructure.

Foundation Futuristic Technologies (FFT)

Foundation Futuristic Technologies (FFT)

FFT is a global leader in computer forensics and digital investigation solutions.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

MAY Cyber Technology

MAY Cyber Technology

MAY Cyber Technology is a Security Management solutions provider located in Turkey & Germany.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Safe Decision

Safe Decision

Safe Decision is an information technology company offering Cyber Security, Network, and Infrastructure Services and Solutions.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

Gutsy

Gutsy

Gutsy uses process mining to help organizations visualize and analyze their complex security processes to understand how they actually run, based on observable event data.

Mindflow

Mindflow

Mindflow is dedicated to bringing answers to the challenges the cybersecurity field and beyond face today.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.