Security News US charges Russian military officers for unleashing wiper malware on Ukraine

Status
Not open for further replies.

oldschool

Level 84
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,515
Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy to hack into the computer networks of the Ukrainian government and its allies and steal or destroy sensitive data on behalf of the Kremlin.

The indictment, filed in US District Court for the District of Maryland, said that five of the men were officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. Along with a sixth defendant, prosecutors alleged, they engaged in a conspiracy to hack, exfiltrate data, leak information, and destroy computer systems associated with the Ukrainian government in advance of the Russian invasion of Ukraine in February 2022.

Targeting critical infrastructure with WhisperGate



The indictment, which supersedes one filed earlier, comes 32 months after Microsoft documented its discovery that a destructive piece of malware, dubbed WhisperGate, had infected dozens of Ukrainian government, nonprofit, and IT organizations. WhisperGate masqueraded as ransomware, but in actuality was malware that permanently destroyed computers and the data stored on them by wiping the master boot record—a part of the hard drive needed to start the operating system during bootup.
In April 2022, three months after publishing the report, Microsoft published a new one that said WhisperGate was part of a much broader campaign that aimed to coordinate destructive cyberattacks against critical infrastructure and other targets in Ukraine with kinetic military operations waged by Russian forces. Thursday’s indictment incorporated many of the factual findings reported by Microsoft.

“The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia’s abhorrent disregard for innocent civilians as it wages its unjust invasion,” Assistant Attorney General Matthew G. Olsen of the National Security Division said in a statement. “Today’s indictment underscores that the Justice Department will use every available tool to disrupt this kind of malicious cyber activity and hold perpetrators accountable for indiscriminate and destructive targeting of the United States and our allies.”


Later in the campaign, the Russian operatives targeted computer systems in countries around the world that were providing support to Ukraine, including the United States and 25 other NATO countries.

The six defendants are:

  • Yuriy Denisov, a colonel in the Russian military and commanding officer of Cyber Operations for Unit 29155
  • Vladislav Borokov, a lieutenant in Unit 29155 who works in cyber operations
  • Denis Denisenko, a lieutenant in Unit 29155 who works in cyber operations
  • Dmitriy Goloshubov, a lieutenant in Unit 29155 who works in cyber operations
  • Nikolay Korchagin, a lieutenant in Unit 29155 who works in cyber operations
  • Amin Stigal, an alleged civilian co-conspirator, who was indicted in June for his role in WhisperGate activities
Federal prosecutors said the conspiracy started no later than December 2020 and remained ongoing. The defendants and additional unindicted co-conspirators, the indictment alleged, scanned computers of potential targets around the world, including in the US, in search of vulnerabilities and exploited them to gain unauthorized access to many of the systems. The defendants allegedly would then infect the networks with wiper malware and, in some cases, exfiltrate the stored data.

Thursday’s charges came a day after Justice Department officials announced the indictments of two Russian media executives accused of funneling millions of dollars from the Kremlin to a company responsible for creating and publishing propaganda videos in the US that racked up millions of views on social media. Federal prosecutors said the objective was to covertly influence public opinion and deepen social divisions, including over Russia’s war in Ukraine.

Also on Wednesday, federal officials took other legal actions to counter what they said were other Russian psychological operations. The actions included seizing 32 Internet domains they said were being used to spread anti-Ukraine propaganda, sanctioning Russian individuals and entities accused of spreading Russian propaganda and indicting two individuals accused of conspiring to aid a Russian broadcaster violating US sanctions.

Unit 29155 is a covert part of the GRU that carries out coup attempts, sabotage, and assassinations outside Russia. According to WIRED, Unit 29155 recently acquired its own active team of cyberwarfare operators in a move that signals the fusing of physical and digital tactics by Russia more tightly than in the past. WIRED said that the unit is distinct from others within the GRU that employ more recognized Russian-state hacking groups such as Fancy Bear or APT28, and Sandworm.

The Justice Department announced a $10 million reward in exchange for any of the suspects’ locations or cyber activity. The wanted poster and Thursday’s indictment displayed photos of all six defendants. The move is intended to limit the travel options for the men and discourage other Russians from following their example.
 

Victor M

Level 12
Verified
Top Poster
Well-known
Oct 3, 2022
557
Personally I think these US indictments are useless. If those indicted never set foot outside of Russia, nothing is going to happen to them. These indictments are only for showing off the capabilities of US intelligence. And isn't cyber warfare part of a 'normal war' nowadays?
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,613
And people thought that the Cold War was bad; the amount of paranoia that goes around lately is just beyond absurd.
 
  • Like
Reactions: Chuck57

bazang

Level 5
Jul 3, 2024
228
> Personally I think these US indictments are useless. If those indicted never set foot outside of Russia, nothing is going to happen to them. These indictments are only for showing off the capabilities of US intelligence. And isn't cyber warfare part of a 'normal war' nowadays?

It is a legal concept known as extraterritorial jurisdiction. The indictment is done in case the person who has been charged travels to a nation with a mutual extradition agreement or the person's national government eventually becomes more amenable to extradition requests. Also, once the bounty is set by a government there are individuals who hunt down people, kidnap them, and turn them over to authorities for the reward money. One nation's operatives will also approach authorities and officials in the nations that harbor the criminals. Those officials are made offers they cannot refuse and do what it takes to get the people in question over to those that are chasing them. This, with many variations, has been done many times over the past 50 years all across the world.

It is an instance where the words "It will never happen" do not apply.
 
  • Like
Reactions: oldschool

Victor M

Level 12
Verified
Top Poster
Well-known
Oct 3, 2022
557
> there are individuals who hunt down people, kidnap them, and turn them over to authorities for the reward money.

I think you have been watching too many movies. I highly doubt that the US will rely on or encourage such a thing to enforce extraterritorial jurisdiction.
 
  • Like
Reactions: Marko :)

bazang

Level 5
Jul 3, 2024
228
> I think you have been watching too many movies. I highly doubt that the US will rely on or encourage such a thing to enforce extraterritorial jurisdiction.

The US regularly enforces extraterritorial jurisdiction. The public does not hear or know about it because the proceedings are often closed and not open to media outlet reporting. The indictments are publicly available, but then extraterritorial jurisdiction matters are handled in many various low-profile ways. More commonly though journalists are not interested in following the cases due to a low return on their efforts.
 

bazang

Level 5
Jul 3, 2024
228
> What has that got to do with the US? They think they are the world police?

Treaties and agreements with the Ukraine give the US extraterritorial jurisdiction over cyber crimes committed and/or attempted crimes (inchoate) upon Ukrainian cyber resources. Also some of the cyber resources that were targeted actually are owned by the US government but are deployed on Ukrainian territory.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
859
> The US regularly enforces extraterritorial jurisdiction. The public does not hear or know about it because the proceedings are often closed and not open to media outlet reporting. The indictments are publicly available, but then extraterritorial jurisdiction matters are handled in many various low-profile ways. More commonly though journalists are not interested in following the cases due to a low return on their efforts.

On the contrary as it would make the headlines but it would take a brave international bounty hunter to try and bring in any FSB agents.

Maybe a job for the A-Team, if you know their number;)

Regards Eck:)
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,124
> Treaties and agreements with the Ukraine give the US extraterritorial jurisdiction over cyber crimes committed and/or attempted crimes (inchoate) upon Ukrainian cyber resources. Also some of the cyber resources that were targeted actually are owned by the US government but are deployed on Ukrainian territory.

Sure. Can send the CIA agents over to Russia to arrest them
 

oldschool

Level 84
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,515
> Treaties and agreements with the Ukraine give the US extraterritorial jurisdiction over cyber crimes committed and/or attempted crimes (inchoate) upon Ukrainian cyber resources. Also some of the cyber resources that were targeted actually are owned by the US government but are deployed on Ukrainian territory.

You are correct, though of course, some countries with such transnational agreements disregard them depending on their interests at a particular point in time, e.g. Putin's recent visit to Mongolia, which is heavily dependent on Russian trade.
 
  • Like
Reactions: Marko :)

Marko :)

Level 23
Verified
Top Poster
Well-known
Aug 12, 2015
1,216
> Personally I think these US indictments are useless. If those indicted never set foot outside of Russia, nothing is going to happen to them. These indictments are only for showing off the capabilities of US intelligence. And isn't cyber warfare part of a 'normal war' nowadays?

Honestly, if we want these to be effective, we shouldn't disclose them publicly. There's always a chance they'll go to the US and would be arrested on arrival. If they know they are wanted by the US, now they won't visit for sure.

> It is a legal concept known as extraterritorial jurisdiction. The indictment is done in case the person who has been charged travels to a nation with a mutual extradition agreement or the person's national government eventually becomes more amenable to extradition requests. Also, once the bounty is set by a government there are individuals who hunt down people, kidnap them, and turn them over to authorities for the reward money. One nation's operatives will also approach authorities and officials in the nations that harbor the criminals. Those officials are made offers they cannot refuse and do what it takes to get the people in question over to those that are chasing them. This, with many variations, has been done many times over the past 50 years all across the world.
>
> It is an instance where the words "It will never happen" do not apply.

Aha, sure. How yes no, as we would say here. There are literally war criminals sitting in Serbia's parliament wanted by Croatia. One was even convicted in The Hague but was released because of cancer and now he's a free man living the life in Serbia. There are a lot of others that Serbia just refuses to extradite.

So every single time someone says "Putin and his peers will pay for this", forget it. He won't because there's no justice in the world. We know it the best. All those convictions are useless because Putin and his cohorts will visit only countries that either aren't part of the ICC or those that are but heavily rely on Russia to function. They aren't dumb to visit any European country right now.

> Sure. Can send the CIA agents over to Russia to arrest them

Well, it's a real possibility. Remember Russian spies and killers in Europe whose job was to silence Putin's opponents? Europe is still riddled with them. I have no doubt the US already has people in Russia.
 
  • Like
Reactions: zidong