Hacker Responsible For Wiper Malware Identified

Uploaded on 2024-07-04 in FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia, NEWS-Cybersecurity News

A Russian was charged with conspiring to hack and destroy computer systems and data in Ukraine and allied countries including the United States, the US Justice Department (DoJ) announced June, offering a  $10 million reward for information.

Amin Timovich Stigal, a 22-year-old Russian national has been indicted in Maryland, US for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022.

He apparently hacked into and destroying the Ukrainian government’s computer systems and data ahead of the Russian invasion in February 2022.

Defendant is Still at Large

Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). He remains at large and if convicted, he faces a maximum penalty of five years in prison.

“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyber attacks targeting the Ukrainian government and later targeting its allies, including the United States.” said Attorney General Merrick B. Garland.

“The Justice Department will continue to stand with Ukraine on every front in its fight against Russia’s war of aggression, including by holding accountable those who support Russia’s malicious cyber activity,” the US Justice Dept said in a statement on their website.

“Amin Timovich Stigal attempted to leverage malware to aid the Russian military in the invasion of Ukraine,” said FBI Deputy Director Paul Abbate.

“Today’s indictment demonstrates the FBI’s unwavering commitment to combat malicious cyber activities by our adversaries, and we will continue to work with our international partners to thwart attempts to undermine and harm our allies.”

WhisperGate Cyber-Attack

According to court documents, Stigal was involved in a January 2022 malicious campaign led by the Russian Military Intelligence (GRU).

The attacks entailed the use of a wiper malware codenamed WhisperGate that hacked government, non-profit, and information technology entities in Ukraine. The attacks were first recorded around mid-January 2022.

"The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Microsoft said at the time. The tech giant is tracking the cluster under its weather-themed moniker Cadet Blizzard.

According to court documents, Stigal et al are said to have used an unnamed US-based company's services to distribute WhisperGate and exfiltrate sensitive data, including patient health records.

In addition, they defaced the websites and put up the stolen information for sale on cyber crime forums in an apparent effort to sow concern among the broader Ukrainian population regarding the safety of government systems and data.

"From August 5, 2021, through February 3, 2022, the conspirators leveraged the same computer infrastructure they used in the Ukraine-related attacks to probe computers belonging to a federal government agency in Maryland in the same manner as they had initially probed the Ukrainian Government networks," the Justice Department (DoJ) said.

The Hacker News     |     U.S. Dept of Justice     |     Reuters     |     National Cyber Security Centre  |  

Infosecurity     |     Cyberscoop     |     The Record

Image:  Leestat

You Might Also Read:

Stronger Civilian Cyber Defences In Ukraine:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Taiwan Targeted In Espionage Campaign
A Brief History Of Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DriveLock

DriveLock

Our security solution is designed to prevent external attacks, which are evermore sophisticated as well as monitor, document and even prevent internal incidents.

King & Spalding

King & Spalding

King & Spalding is an international law firm with offices in the United States, Europe and the Middle East. Practice areas include Data, Privacy & Security.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

ThreatAdvice

ThreatAdvice

ThreatAdvice is a provider of cybersecurity education, awareness and threat intelligence.

Technology Law Alliance (TLA)

Technology Law Alliance (TLA)

Technology Law Alliance is a specialist IT law firm focussed on the fields of technology, outsourcing and e-commerce.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

SecureTeam

SecureTeam

SecureTeam are a UK-based information security practice, specialising in all areas of cybersecurity.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.