The US Military and federal authorities in Baltimore have announced a multi-million-dollar reward for six Russian citizens accused of orchestrating cyberattacks on a Maryland-based government agency and Ukrainian computer systems. The indictment, unsealed Thursday, charges five members of the Russian military intelligence agency, the GRU, and one affiliated civilian with conspiracy to commit computer intrusion and wire fraud conspiracy.
The individuals are accused of being part of Unit 29155, a GRU unit known for its cyber operations. The FBI, CISA, NSA, and allied agencies released a joint advisory detailing the unit’s activities.
Targeting Ukrainian Systems and a US Government Agency
The indictment details a multi-pronged hacking campaign that began in August 2021 and continued through February 2022. According to the indictment, the group allegedly targeted the Maryland government agency, conducting “probing” activity 63 times.
The hackers are also accused of launching attacks against Ukraine, specifically targeting the country’s Ministry of Internal Affairs, State Treasury, Judiciary Administration, and other civilian agencies. These attacks included the use of the destructive WhisperGate malware, which was deployed as early as January 2022 in an apparent attempt to disrupt Ukrainian government operations ahead of the Russian invasion.
A “Relentless” Pursuit
The US government has offered a reward of up to $10 million for information leading to the arrest and conviction of each individual, totaling $60 million.
“The message is clear to the GRU and the Russians: We are onto you,” said the Assistant Attorney General for National Security, Matt Olsen. “The FBI and the Department of Justice will relentlessly pursue you. That sends a powerful deterrent message.”
GRU Unit 29155: A Rising Cyber Threat
The indictment provides a detailed look into the activities of Unit 29155, revealing a sophisticated and increasingly active cyber unit. The joint advisory released by US agencies highlights the unit’s evolving capabilities, stating that it has “conducted computer network operations against numerous members of the North Atlantic Treaty Organization (NATO) in Europe and North America, as well as countries in Europe, Latin America, and Central Asia.”
The advisory describes the unit’s activities as encompassing website defacement, infrastructure scanning, data exfiltration, and data leak operations. The unit also uses tools commonly employed by “red teaming” groups, which simulate malicious attacks to test security measures.
A Global Cyber Threat
The charges against the Russian hackers are the latest in a series of actions by the US government to counter Russian cyber activity. The Department of Justice accused Russia of directing influence campaigns targeting US voters in June.
The indictments and rewards the US offers underscore the escalating cyber warfare between Russia and Western nations. These attacks highlight the growing threat cybercriminals pose and emphasize the need for increased vigilance in protecting critical infrastructure and government systems.