Sept. 6 (UPI) — The United States and nine of its allies are formally accusing the Russian military of perpetrating wide-ranging cyberattacks for espionage and sabotage purposes since at least 2020, including targeting Ukraine ahead of the Kremlin’s 2022 invasion and NATO nations supporting Kyiv amid the ensuing war.
The democratic allies, led by the United States, in a joint cybersecurity advisory named the Russian General Staff Main Intelligence Directorate, known as the GRU, and its Unit 29155 as being behind the ongoing threat.
U.S. cyber authorities accuse Unit 29155 of orchestrating attempted coups, sabotage, influence operations and assassinations throughout Europe with its malicious activities expanding online in 2020.
The advisory states that the unit is responsbile for the deployment of WhisperGate malware targeting Ukrainian government computer systems starting a month before Russia invaded.
Coinciding with the advisory was the U.S. Justice Department unveiling a superseding indictment charging five Russian military officers and a Russian civilian already charged in the United States for being involved in the malware’s deployment.
According to federal prosecutors, the hacking conspiracy sought to steal data, leak information online and destroy computers systems of the Ukrainian government that had no military role in order to stoke fears among Ukrainians over the safety of their government and data ahead of the invasion.
Russian hacker Amin Timovich Stigal, who is in his early 20s, was charged by the U.S. Justice Department in late June in connection to the conspiracy.
Federal prosecutors said the WhisperGate campaign targeted dozens of computer systems in Ukraine, including government agencies related to the judiciary, education and food safety. Personal data, including health records, of thousands of Ukrainians were also stolen in the attack and advertised online for sale and related websites were defaced to read: “Ukrainians! All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”
During a press conference on Thursday afternoon, Matt Olson, assistant attorney general for national security, described the exfiltration of the personal data as a Russian attempt to “sap the morale” of Ukrainians prior to the start of Russia’s full-scale invasion of its neighbor.
They then attempted to cover their tracks by appearing as criminals, demanding ransom in return for the personal data that Olson said the defendants had destroyed.
Olson described Stigal’s involvement as evidence of the Russian government’s “continued willingness to provide a haven for cybercriminals in exchange for such criminals being quote ‘on call’ to provide support and deniability for its military and intelligence services.”
The federal prosecutors also accuse the defendants of later targeting nations that have come to aid Ukraine’s defense with the joint cybersecurity advisory stating the FBI has observed more than 14,000 instances of domain scanning across at least 26 NATO members, including the United States and European Union nations.
Estonia, one of the nations involved in the joint advisory, said Thursday that it was formally blaming Russia and its Unit 29155 for hitting “some ministries” with malware in 2020 “with an aim to acquire sensitive information & undermine the sense of security in our society.”
In a statement, it highlighted that the accusation was the first time it has ever attributed cyberattacks against a state actor.
Its prosecutor’s office also seeks the arrest of three GRU officers, two whom Olson said Thursday that the United States were charging in the superseding indictment. Estonia said the trio of GRU officers are wanted internationally based on arrest warrants issued by its Harju County court.
Yuriy Denisov, a Russian colonel and a commanding officer ofUnit 29155’s cyber operations, was charged by the Justice Department on Thursday, along with four of his lieutenants in Unit 29155: Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov and Nikolay Korchagin.
Estonia charged Denisov, Korchagin and another member of the unit, Vitali Shevchenko, its prosecutor’s office said in a statement.
All charged are believed to be residing in Russia, and the U.S. State Department’s Rewards for Justice program is offering up to $10 million for information on any of the defendants’ locations or their malicious cyberactivity.
Along with Estonia and the United States, the Netherlands, Czech Republic, Germany, Latvia, Ukraine, Canada, Australia and Britain were involved in the multination investigation that became the cybersecurity advisory released Thursday.
The announcement also comes a day after the Biden administration unleashed a swath of actions, including sanctions and indictments, targeting Russia over its attempts to influence the U.S. election that include “cyber-enabled influence officers.”