US charges five Russian military hackers with attacking Ukraine government with destructive malware

The U.S. Justice Department on Thursday charged five members of Russia’s military intelligence agency with hacking into several Ukrainian government agencies, an unnamed U.S. government agency in Maryland and computers belonging to 26 NATO countries, among other victims.

The Justice Department announced the indictment of five members of Russia’s Main Intelligence Directorate, also known as the GRU, and in particular its hacking unit 29155. The indictment names Colonel and commander of Russian GRU cyber operations Yuriy Denisov; Lieutenants Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov, and Nikolay Korchagin; and a civilian co-conspirator, Amin Stigal, who was previously charged with some of the same crimes.

Prosecutors allege that the six defendants were behind the WhisperGate cyberattack, an operation that was designed to look like a ransomware attack against the Ukrainian government but was actually a destructive attack that would render targeted computers unusable. The Russian government has been accused of launching WhisperGate in support of its full-scale invasion of Ukraine in February 2022.

According to the indictment, Denisov, Denisenko, Korchagin, Goloshubov and Borovkov, as well as other unnamed individuals, planned meetings at the Shokoladnitsa Cafe in Moscow’s Sofia shopping mall. The indictment does not explain how the U.S. government was able to obtain information about these meetings or photographs of the suspects, but it does suggest that authorities gained significant access to the hackers’ infrastructure.

“The message is clear. To the GRU and the Russians: we have you under control, we have penetrated your systems. The FBI and the Department of Justice will be after you relentlessly, so you better pay attention to the fact that we have you and we are in your systems,” said Matt Olsen, US Assistant Attorney General for National Security, during a press conference announcing the charges.

The indictment included details about the cyber operations of the six Russians, as well as a group photograph of four of the lieutenants and one of General Denisov.

GRU lieutenants Denisenko, Korchagin, Goloshubov and Borovkov.
Image credits: United States Department of Justice

The six Russians are accused of hacking several government and civilian targets in Ukraine over the past few years, including the Ministry of Internal Affairs, the State Treasury, the Judicial Administration, several other government departments, and the Ukrainian State Railways.

Around October 2022, the six allegedly hacked into what the indictment only described as the transportation infrastructure of “a Central European country.” As previously reported, the timing of this attack suggests it was the cyberattack against Denmark, which caused delays and disruptions across the country’s rail network, according to the indictment.

During a press conference, US government officials declined to specify which Maryland-based US agency was allegedly targeted by the Russian hackers.

Also on Thursday, the FBI, the U.S. cybersecurity agency CISA, the U.K.’s National Cyber Security Centre, as well as European, Canadian and Australian government agencies published a joint cybersecurity advisory with technical details of Unit 29155’s operations.

The FBI, which dubbed the international effort against the six suspected Russian hackers Operation Toy Soldier, also released a poster with photographs of the hackers, requesting tips that could lead to their arrest, and offered a $10 million reward for each suspected hacker.

In a post on the official X account of the Rewards for Justice bug bounty program after the allegations, the US government referred to the hackers as having “baby faces.”