In a major development, the United States government has unsealed an indictment charging six computer hackers from the Russian Federation with conspiracy to commit computer intrusion and wire fraud. The indictment alleges that five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency. The sixth individual was a civilian already under indictment for conspiracy to commit computer intrusion and has now been charged with wire fraud conspiracy as well.

According to the indictment, these GRU hackers and their co-conspirator were engaged in a conspiracy to hack into, extract data from, leak information obtained from, and destroy computer systems associated with the Ukrainian government prior to the Russian invasion of Ukraine. The defendants targeted not only Ukrainian government systems but also computer systems in countries supporting Ukraine, including the United States and 25 other NATO countries.

"The GRU's WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia's abhorrent disregard for innocent civilians as it wages its unjust invasion," stated Assistant Attorney General Matthew G. Olsen of the National Security Division. He further emphasized that the Justice Department will use every available tool to disrupt such malicious cyber activities and hold the perpetrators accountable for their indiscriminate and destructive actions against the United States and its allies.

In conjunction with the indictment, the U.S. Department of State's Rewards for Justice program is offering a reward of up to $10 million for information on the defendants' locations or their malicious cyberactivity. The program seeks to gather information leading to the identification or location of individuals who participate in certain malicious cyber activities against U.S. critical infrastructure.

The indictment reveals that on January 13, 2022, the defendants conspired to distribute malware, known as "WhisperGate," to numerous Ukrainian government entities' computer systems. While it appeared to be ransomware, WhisperGate was actually a cyberweapon designed to completely destroy the target computers and related data in preparation for the Russian invasion. The Ukrainian government networks subjected to these attacks include various ministries, treasury, judiciary, and other key departments.

Additionally, the defendants compromised several targeted Ukrainian computer systems, exfiltrated sensitive data, such as patient health records, and defaced websites with threatening messages. The hacked data was also offered for sale on the internet.

The defendants expanded their attacks beyond Ukraine and targeted the transportation infrastructure of a Central European country supporting Ukraine. Furthermore, they probed protected computer systems associated with 26 NATO member countries, including the United States, from August 2021 to February 2022.

This indictment is part of an international effort known as Operation Toy Soldier, aimed at combating the malicious cyber activities of Unit 29155 of the GRU. Together with its allies, the U.S. government condemned the Russian military's cyber-attack on Ukraine and has released a Joint Cybersecurity Advisory to enhance network defense against Unit 29155's activities.

The Federal Bureau of Investigation (FBI) is leading the investigation, with assistance from its Baltimore, Milwaukee, and Boston Field Offices. Law enforcement partners from national and international agencies are collaborating to counter these cyber threats.

U.S. Attorney Erek L. Barron for the District of Maryland emphasized the commitment to tracking down and prosecuting cybercriminals who threaten national security. He stated that cyber intrusion schemes like the one alleged in this indictment pose a significant threat, and the full extent of available technologies and investigative measures will be utilized to disrupt and apprehend the culprits.

The unsealed indictment sheds light on the extensive cyber operations carried out by Russian hackers and serves as a stark reminder of the need for heightened cybersecurity measures to protect critical infrastructure worldwide.