The U.S. Department of Justice has unsealed an indictment charging six Russian nationals with conspiracy to commit computer intrusion and wire fraud. Five of the defendants are officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), while the sixth is a civilian already under indictment for related charges.
The Maryland grand jury indictment names the defendants as Yuriy Denisov, a colonel and commanding officer of Cyber Operations for Unit 29155; lieutenants Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov, and Nikolay Korchagin; and civilian co-conspirator Amin Sitgal.
According to court documents, on January 13, 2022, the defendants allegedly used a U.S.-based company’s services to distribute malware known as “WhisperGate” to dozens of Ukrainian government computer systems. While designed to look like ransomware, WhisperGate was actually intended to destroy target computers and data in preparation for Russia’s invasion of Ukraine.
The cyber attacks targeted numerous Ukrainian government networks, including the Ministry of Internal Affairs, State Treasury, Judiciary Administration, State Portal for Digital Services, and various ministries such as Education and Science, Agriculture, and Energy. Other affected entities included the State Service for Food Safety and Consumer Protection, Accounting Chamber for Ukraine, State Emergency Service, State Forestry Agency, and Motor Insurance Bureau.
Assistant Attorney General Matthew G. Olsen of the National Security Division stated, “The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia’s abhorrent disregard for innocent civilians as it wages its unjust invasion.”
The indictment alleges that the defendants compromised several targeted systems, exfiltrated sensitive data including patient health records, and defaced websites with threatening messages. They also allegedly offered the hacked data for sale on the internet.
In August 2022, the defendants reportedly hacked transportation infrastructure in a Central European country supporting Ukraine. From August 2021, they probed computer systems in 26 NATO member countries for vulnerabilities. The indictment further alleges that between August 5, 2021, and February 3, 2022, the defendants used the same infrastructure to probe computers belonging to a federal government agency in Maryland.
This indictment is part of Operation Toy Soldier, an international effort to combat malicious cyber activity by GRU Unit 29155. The FBI and 12 other partners from nine countries have released a Joint Cybersecurity Advisory to enhance network defense against the unit’s activities.
The U.S. Department of State’s Rewards for Justice program is offering up to $10 million for information leading to the identification or location of individuals involved in these cyber activities.
U.S. Attorney Erek L. Barron for the District of Maryland emphasized, “We will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminals.”
The FBI Baltimore Field Office is investigating the case with assistance from FBI Milwaukee and Boston Field Offices. Assistant U.S. Attorneys Aaron S.J. Zelinsky and Robert I. Goldaris are prosecuting the case with support from the National Security Division’s National Security Cyber Section.
As this case develops, it underscores the ongoing challenges in combating state-sponsored cyber attacks and their potential to disrupt critical infrastructure and government operations across international borders.
