The United States expanded its hunt on Thursday for Russia’s most elite cyberwarriors, indicting five members of the country’s military intelligence agency for a series of attacks on Ukraine and American companies in the run-up to the invasion of Ukraine in 2022.
The State Department and American allies also offered a reward of up to $60 million for their arrest; the reward for Osama bin Laden and other leaders of Al Qaeda after the Sept. 11, 2001, attacks was $25 million.
The attacks, known as “Whisper Gate,” on Ukraine’s government agencies, NATO countries and American firms were essentially the opening salvos in the invasion of Ukraine. They were intended to cripple the government, bring down a major satellite communications network and scare off NATO nations from coming to Kyiv’s aid. But they were countered by a combination of U.S. Cyber Command and firms like Microsoft, Google and Amazon, who moved the operations of the Ukrainian government to the cloud and kept the country running in a remarkable digital defense operation.
“The Whisper Gate attack in January of 2022 could be considered the first shot of the war,” said William J. DelBagno, the F.B.I.’s special agent in charge of the Baltimore field office. “The cybercriminals sent a message with their malware to, quote, be afraid and expect the worst. A month later, Russia physically invaded the country.”
In the hours before the invasion in February 2022, it was Microsoft’s warning to the White House about a gathering digital storm, meant to blind Ukraine, that provided another warning that tanks were getting ready to roll.
The Justice Department announced they had charged five members of the Russian military intelligence service known as the G.R.U. in connection with the attack, which targeted Ukrainian critical infrastructure including financial systems, emergencies services, health care, education and other sectors.
In addition to the Ukraine attacks, the G.R.U. operatives targeted a government agency in Maryland, scanning it 60 times for vulnerabilities. The officials declined to identify the office. The National Security Agency and U.S. Cyber Command, the N.S.A.’s military cousin, have headquarters at Fort Meade, Md., and both agencies are intently focused on defensive and offensive cyberoperations against Russian targets.
U.S. officials said the G.R.U. members disguised themselves as criminal hackers, leaving behind ransom notes. But there was no data to ransom; the attack on Ukrainian government computers was meant to destroy data.
Also indicted was Amin Stigal, whom U.S. officials said was a civilian and hacker who did work for the Russian government.
Matthew Olsen, the assistant attorney general for national security, said that Mr. Stigal’s alleged involvement showed that Russia had continued to provide a safe haven for criminals in exchange for support, and cover, for their military intelligence services.
The United States has stepped up its actions against Russia in recent days. On Wednesday, the Justice Department announced it had taken down part of the so-called Doppelgänger network, bringing offline 32 different sites that were mimicking news sites but spreading pro-Russian propaganda.
The G.R.U. members whose indictment was unsealed Thursday were unlikely to be apprehended and brought to trial any time soon.
But Mr. Olsen said they were now “marked people” with a reward on their heads. “We’re going to pursue them relentlessly,” he said.
He added that the indictment sent a message to Russia, and offered important information to information technology professionals on how to protect their systems.
“The message is clear to the G.R.U. and to the Russians,” Mr. Olsen said. “We are on to you; we have penetrated your systems. The F.B.I., the Department of Justice will be relentless in pursuing you.”
The post U.S. Indicts Members of Russian Military Intelligence Over Cyber Attack on Ukraine appeared first on New York Times.
