U.S. Charges Russian Military Personnel for Utilizing Wiper Malware Targeting Ukraine


# Federal Indictment Reveals Russian Cyber Espionage Initiative Against Ukraine and Its Allies

On Thursday, federal prosecutors unsealed an indictment charging six Russian individuals with conspiracy to infiltrate the computer systems of the Ukrainian government and its allies. The indictment, filed in the US District Court for the District of Maryland, accuses them of carrying out cyber espionage and destructive cyberattacks on behalf of the Kremlin, targeting critical infrastructure and sensitive information in Ukraine and in other nations supporting Ukraine, including the United States.

## The WhisperGate Malware Initiative

The indictment comes nearly three years after Microsoft first reported identifying a destructive piece of malware known as **WhisperGate**. The malware posed as ransomware but was designed to irreversibly damage computers by erasing the master boot record, the part of a hard drive needed to start the operating system. WhisperGate was found to have infected numerous Ukrainian government, nonprofit, and IT organizations, causing significant disruption.

In April 2022, Microsoft released a follow-up report indicating that WhisperGate was part of a larger effort to coordinate destructive cyberattacks against critical infrastructure in Ukraine with kinetic military actions by Russian forces. The indictment unsealed on Thursday incorporates many of the findings reported by Microsoft, underscoring the scale and coordination of Russia’s hybrid warfare strategy.

## The Defendants and Their Functions

The six defendants identified in the indictment are:

1. **Yuriy Denisov**: A colonel in the Russian military and commanding officer of Cyber Operations for Unit 29155.
2. **Vladislav Borovkov**: A lieutenant in Unit 29155 involved in cyber operations.
3. **Denis Denisenko**: A lieutenant in Unit 29155 engaged in cyber operations.
4. **Dmitriy Goloshubov**: A lieutenant in Unit 29155 engaged in cyber operations.
5. **Nikolay Korchagin**: A lieutenant in Unit 29155 engaged in cyber operations.
6. **Amin Stigal**: An alleged civilian co-conspirator, previously indicted in June for his involvement in WhisperGate activities.

The indictment alleges that the conspiracy began no later than December 2020 and is ongoing. The defendants and additional unnamed co-conspirators are alleged to have scanned computers around the world, including in the US, for vulnerabilities. After gaining access, they reportedly infected networks with wiper malware and, in some instances, exfiltrated sensitive data.

## Wider Implications and Counteractions

The indictment is part of a broader effort by the US government to counter Russian cyber and psychological operations. On Wednesday, federal officials announced the indictments of two Russian media executives accused of secretly financing and directing a US company to produce and disseminate propaganda videos aimed at swaying public opinion and exacerbating social divisions, particularly concerning Russia’s invasion of Ukraine.

Federal authorities have also taken legal action against other Russian psychological operations, including seizing 32 internet domains used to spread anti-Ukraine propaganda and sanctioning Russian individuals and entities implicated in disseminating disinformation.

## Unit 29155: Russia’s Covert Cyber Warfare Unit

Unit 29155, a secretive part of the Russian Main Intelligence Directorate (GRU), is known for carrying out sabotage, assassinations, and coup attempts outside of Russia. Reports indicate that Unit 29155 has recently formed its own active team of cyberwarfare operators, a sign of closer integration of physical and digital tactics by Russia. The unit is distinct from the GRU units associated with better-known Russian state hacking groups, such as Fancy Bear (APT28) and Sandworm.

## Conclusion

The unsealing of this indictment highlights the persistent threat posed by Russian cyber operations and the lengths to which the Kremlin will go to pursue its geopolitical ambitions. As Assistant Attorney General Matthew G. Olsen of the National Security Division remarked, “The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military significance, exemplifies Russia’s deplorable disregard for innocent civilians as it conducts its unjust invasion.”

The Justice Department has announced a $10 million reward for information on the suspects’ whereabouts or cyber activities, a measure intended to restrict their travel options and dissuade other Russians from taking part in similar actions. The indictment serves as a reminder of the importance of international collaboration and vigilance against state-sponsored cyber threats.