On June 25th, a Maryland district court in the United States issued a federal arrest warrant for 22-year-old Russian hacker Amin Stigal, who allegedly aided in creating servers for Russian military intelligence to destroy Ukrainian government computer systems in January 2022, a month before the full-scale invasion.
The cyber campaign, known as WhisperGate, relied on a malware known as "wiper," disguised as ransomware, but intentionally and irreversibly encrypted data on infected devices. American prosecutors stated that the cyber attacks aimed to "sow discord" among Ukrainians regarding the security of government systems, as reported by TechCrunch.
Stigal is also accused of assisting hackers working for Russian military intelligence, known as GRU, in attacking Ukraine's allies, including the United States. According to an undisclosed indictment, Stigal allegedly used cryptocurrency to pay for and set up servers for an unnamed American company, enabling GRU hackers to launch cyber attacks on the Ukrainian government using data-wiping malware.
Russian hackers reportedly stole a trove of data during the cyber attacks, including health records, criminal records, and car insurance data from Ukrainian government systems. Subsequently, the hackers announced the sale of this data on well-known cybercriminal forums.
American prosecutors allege that Russian hackers also targeted a unnamed U.S. government agency based in Maryland dozens of times between 2021 and 2022, prior to the invasion, allowing district prosecutors to take jurisdiction over and charge Stigal.
Later in October 2022, Russian hackers allegedly used the same servers set up by Stigal to attack the transportation sector of an unnamed European country that was providing civilian and military aid to Ukraine post-invasion. This incident coincided with a cyber attack in Denmark in October 2022, which caused widespread disruptions and delays in the country's railway network at the time.
The U.S. government has offered a reward of $10 million for information leading to the location or arrest of Stigal, who remains at large and is believed to be in Russia.
If convicted, he faces up to five years in prison.