Indictments against members of Russia’s GRU Unit 29155 charging them with a series of cyberattacks on Ukrainian government systems were unsealed by the U.S. Department of Justice as part of Operation Toy Soldier. The operation tackles the persistent threat posed by state-sponsored cyber activities, particularly in light of Russia's ongoing invasion of Ukraine.
Handed down by a grand jury in Maryland, the indictment accuses six individuals—five military officers and one civilian—of conspiring to hack into key computer systems of the Ukrainian government as part of the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center, also known as Unit 29155.
Their alleged crimes include data exfiltration, system disruption, and spreading malicious software designed not for ransom but for destruction—an alarming escalation in cyber warfare tactics.
The indictment further details the use of a U.S.-based company's services to deploy malware known as WhisperGate, which masqueraded as ransomware but was engineered to obliterate entire systems.
This malware targeted crucial Ukrainian ministries, leading to significant data breaches and system disruptions. The attackers also defaced websites, broadcasting threatening messages to instill fear and erode public confidence in the government's ability to protect its citizens.
The GRU's campaign aimed at NATO allies supporting Ukraine further amplifies the global stakes involved. The U.S. Department of State’s Rewards for Justice program has responded by offering up to $10 million for information leading to the capture of these cyber operatives.
The FBI, in collaboration with the National Security Division's Cyber Section and other agencies, remains committed to countering these threats. The indictments and ongoing investigations signal a robust response from the U.S. and its allies aimed at mitigating these threats and safeguarding critical infrastructure.
The Russian hacking group Cadet Blizzard, which gained notoriety for deploying the WhisperGate malware against Ukrainian systems, was connected to the General Staff Main Intelligence Directorate. The U.S. offered a $10 million reward for details on the threat actor via the Rewards for Justice program.
In June 2024, Amin Timovich Stigal, a 22-year-old Russian, was indicted for his involvement in these cyber assaults, marking a significant step in ongoing legal proceedings.
The GRU compromised several Ukrainian computer systems, exfiltrating sensitive data, defacing websites, and immediately putting the hack up for sale online to generate concern among Ukrainians regarding “the safety of government systems and data.”
The indictment said that between August 2021 and February 2022, the GRU leveraged the same computer infrastructure it used in the Ukraine attacks to probe the computers of a federal government agency in Maryland using the same tactics. In August 2022, the GRU reportedly hacked the transportation infrastructure of a Central European country that was supporting Ukraine.
Five GRU officers—Yuriy Denisov, Vladislav Borovkov, Denis Denisenko, Dmitriy Goloshubov, and Nikolay Korchagin—face charges related to conspiracy in computer intrusions and wire fraud against Ukrainian and NATO-aligned targets.