US accuses five Russian military hackers of attacking Ukraine government with malware
The U.S. Justice Department on Thursday charged five members of Russian military intelligence with hacking into several Ukrainian government agencies, an unnamed U.S. government agency in Maryland and computers belonging to 26 NATO countries, amongst other victims.
The Department of Justice announced the indictment of five members of Russia’s Main Intelligence Directorate, often called the GRU, and specifically its hacking unit 29155. The indictment names Russian GRU Colonel and cyber operations commander Yuri Denisov; lieutenants Vladislav Borovkov, Denis Denisenko, Dmitry Goloshubov, and Nikolai Korchagin; and civilian co-conspirator Amin Stigal, who had previously been charged with some of the same crimes.
Prosecutors say the six defendants were behind the WhisperGate cyberattack, an operation that was designed to look like a ransomware attack on the Ukrainian government but was in fact a destructive attack designed to render targeted computers unusable. The Russian government was accused of launching WhisperGate to support its full-scale invasion of Ukraine in February 2022.
According to the indictment, Denisov, Denisenko, Korchagin, Goloshubov, Borovkov, and other unnamed individuals planned to meet at Cafe Shokoladnitsa in the Sofia shopping center in Moscow. The indictment doesn’t explain how the U.S. government was able to obtain details about these meetings or photos of the suspects, but it suggests that authorities gained significant access to the hackers’ infrastructure.
“The message is clear. To the GRU and the Russians: We’re on your trail, we’ve hacked into your systems. The FBI, the Justice Department will be after you relentlessly, so you better pay attention to the fact that we’ve gotten to you and we’re in your systems,” Matt Olsen, assistant attorney general for national security, said at a news conference announcing the indictments.
The indictment included details of six Russian cyber operations, as well as a group photo of the four lieutenants and General Denisov.
The six Russians are accused of breaking into several government and civilian facilities in Ukraine over the past few years, including the Ministry of Internal Affairs, the State Treasury, the Judiciary Administration, several other government departments and the state-owned Ukrainian Railways.
Around October 2022, the six allegedly hacked into what the indictment describes only as the transportation infrastructure of a “Central European country.” As previously reported, the timing of the attack suggests it was the cyberattack on Denmark, which caused delays and disruptions to rail traffic across the country, according to the indictment.
During a press conference, U.S. government officials declined to offer details about which Maryland-based U.S. agency was targeted by Russian hackers.
Also on Thursday, the FBI, the U.S. cybersecurity agency CISA, the U.K.’s National Cybersecurity Center, and European, Canadian and Australian government agencies issued a joint cybersecurity advisory with technical details of Unit 29155’s operations.
The FBI, which has dubbed the international crackdown on the six alleged Russian hackers Operation Toy Soldier, published a poster with photos of the hackers, asking for tips that may lead to their arrest and offering a $10 million reward for each alleged hacker.
In a post on the official X account for its Rewards for Justice bug bounty program, the U.S. government labeled the hackers “babyfaces” following the indictment.