It turns out that the Russian hacker group that attacked critical infrastructure in NATO member states and Ukraine belonged to Unit 29155 of the Russian Intelligence Agency



The District of Maryland has indicted six Russian-based individuals, five of whom are known to be members of the Main Intelligence Directorate of the Russian Armed Forces (GRU), for allegedly using a US-based service to distribute malware to the networks of Ukrainian government agencies.

Office of Public Affairs | Five Russian GRU Officers and One Civilian Charged for Conspiring to Hack Ukrainian Government | United States Department of Justice
https://www.justice.gov/opa/pr/five-russian-gru-officers-and-one-civilian-charged-conspiring-hack-ukrainian-government



US Broadens Indictments Against Russian Intelligence Hackers

https://www.paymentsecurity.io/us-broadens-indictments-against-russian-intelligence-hackers-a-26210

According to the indictment, the defendants used the services of a U.S.-based company to distribute malware known as 'WhisperGate' to dozens of Ukrainian government agency computer systems on January 13, 2022. WhisperGate was a cyber weapon designed to completely destroy targeted computers and associated data prior to Russia's invasion of Ukraine, which began on February 24 of the same year.

Ukrainian government networks targeted in the attacks included the Ministry of Internal Affairs of Ukraine, Ministry of State Finance, Service for Judicial Administration, National Portal for Digital Services, Ministry of Education and Science, Ministry of Agriculture, State Service for Food Safety and Consumer Protection, Ministry of Energy, Chamber of Accounts of Ukraine, State Emergency Services, State Forestry Service, and Automobile Insurance Agency.



In conjunction with these attacks, the defendants also breached several systems, exfiltrating confidential data, including the health records of hospital patients, and defaced a website with a message such as 'People of Ukraine! All information about you has been made public. Imagine the worst. This is for your past, present and future.' On the same day, the defendants sold the hacked data on the Internet.

The attack was also brought to the attention of the US government, and in May 2022, the US government condemned the cyber attack, attributing it to the Russian military.

In August 2022, the defendants also hacked the transportation infrastructure of Central European countries that were supporting Ukraine. The defendants are said to have been investigating various systems, including those related to 26 NATO member states, for potential vulnerabilities since August 2021, and the indictment further states, 'From August 5, 2021 to February 3, 2022, they probed computers belonging to a federal agency in the State of Maryland.'



The defendants indicted are Russian Colonel Yuri Denisov, who serves as the cyber operations commander for Unit 29155 under the GRU, four Russian lieutenants who served in Unit 29155 and engaged in cyber operations, and a civilian accomplice, Amin Stigal. Unit 29155 is suspected of being involved in the bombing of an ammunition depot in Bulgaria and sabotage on NATO territory. All of the defendants, Russian nationals residing in Russia, are accused of computer intrusion and conspiracy to commit wire fraud.

Posted by log1p_kr