A federal grand jury in Maryland has indicted Amin Timovich Stigal (Амин Тимович Стигал), a 22-year-old Russian national, on charges of conspiring with Russian military intelligence to hack and destroy computer systems and data.
This cyber offensive, which targeted Ukrainian government systems and later extended to countries supporting Ukraine, was carried out just before Russia’s full-scale invasion of Ukraine in February 2022. Stigal remains at large.
Concurrent with the indictment, the U.S. Department of State’s Rewards for Justice program has announced a reward of up to $10 million for information on Stigal’s whereabouts or his malicious cyber activities. Individuals with pertinent information are encouraged to contact Rewards for Justice.
Attorney General Merrick B. Garland emphasized the gravity of the allegations, stating, “The defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States.” He reaffirmed the Justice Department’s commitment to supporting Ukraine against Russia’s aggression and holding accountable those responsible for such cyber activities.
Assistant Attorney General Matthew G. Olsen highlighted Russia’s repeated use of cyber warfare tactics to intimidate and destroy, asserting that the Department of Justice will work to disrupt such malicious behavior and pursue the perpetrators. FBI Deputy Director Paul Abbate and U.S. Attorney Erek L. Barron for the District of Maryland echoed these sentiments, emphasizing the commitment to combating cyber threats and protecting national security.
According to court documents, in January 2022, Stigal and members of the Russian GRU (Main Intelligence Directorate of the General Staff) conspired to use a U.S.-based company’s services to distribute the malware “WhisperGate” to numerous Ukrainian government entities. The malware, disguised as ransomware, was designed to destroy the targeted systems and data, causing widespread disruption ahead of the Russian invasion. The attack on January 13, 2022, affected multiple Ukrainian government networks, including the Ministry of International Affairs, the State Treasury, and several others.
The Conspirators also exfiltrated sensitive data, including patient health records, and defaced websites with a threatening message aimed at sowing fear among Ukrainians. In August 2022, they extended their cyberattacks to a Central European country supporting Ukraine and probed a federal government agency in Maryland using similar tactics.
If convicted, Stigal faces a maximum penalty of five years in prison. The FBI Baltimore Field Office is leading the investigation, with ongoing efforts to track down and bring the cybercriminals to justice. This indictment underscores the international commitment to combating cyber threats and protecting global security.
For those with information on Stigal’s activities or location, contact the Rewards for Justice program to aid in the pursuit of justice.
